[USN-545-1] link-grammar vulnerability

Kees Cook kees at ubuntu.com
Tue Nov 27 00:47:48 UTC 2007


=========================================================== 
Ubuntu Security Notice USN-545-1          November 26, 2007
link-grammar vulnerability
CVE-2007-5395
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  liblink-grammar4                4.2.2-4ubuntu0.7.10.1

After a standard system upgrade you need to restart AbiWord to effect
the necessary changes.

Details follow:

Alin Rad Pop discovered that AbiWord's Link Grammar parser did not
correctly handle overly-long words.  If a user were tricked into opening
a specially crafted document, AbiWord, or other applications using Link
Grammar, could be made to crash.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1.diff.gz
      Size/MD5:     8372 9d6103a3d8b9055aeb8e9fb151c629d8
    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1.dsc
      Size/MD5:      771 3416e046bf63eefc9b8e185666e11b1e
    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz
      Size/MD5:   742163 798c165b7d7f26e60925c30515c45782

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4ubuntu0.7.10.1_all.deb
      Size/MD5:   261630 b4b9b5e5f1a9b4a04dbf4074add17867

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_amd64.deb
      Size/MD5:   129244 0db2bc55f7c9e9f3ce1276020200d6aa
    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_amd64.deb
      Size/MD5:    98100 de97f8c7fa03e774b6038bd326834f7a
    http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_amd64.deb
      Size/MD5:    16430 dbcd4fca4249a475abd450f7009b68de

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_i386.deb
      Size/MD5:   111178 d619bf104ae4b3026b4ac7dd7952d5ee
    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_i386.deb
      Size/MD5:    90558 912431a563343836f56b20daf237c8e8
    http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_i386.deb
      Size/MD5:    15706 5a72b07d1b6a825a11148193e94bc5e3

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_powerpc.deb
      Size/MD5:   130238 7266fb1779805cf1416afb6349142532
    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    97756 c23f581e5b62c6af38f08906f1f6521e
    http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    17052 c5005abc099c10b7687dd85123dc29a4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_sparc.deb
      Size/MD5:   118768 d88eee3ff0a918780689a72f7e14d2fa
    http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_sparc.deb
      Size/MD5:    91400 5a14c7a0baa9f2d9ba23f7130896c332
    http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_sparc.deb
      Size/MD5:    16126 6179e67b9eaaef830f1bd7d461fbee62

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20071126/04be1cc7/attachment.sig>


More information about the ubuntu-security-announce mailing list