Support / Security / Advisories / Corporate Server 3.0 / MDKSA-2006:202

Package name: wv
Date: 2006-11-07
Advisory ID: MDKSA-2006:202
Affected versions: 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 2006.0 x86_64

Problem description

Multiple integer overflows in the WV library in wvWare (formerly
mswordview) before 1.2.3, as used by AbiWord?, KWord, and possibly
other products, allow user-assisted remote attackers to execute
arbitrary code via a crafted Microsoft Word (DOC) file that produces
(1) large LFO clfolvl values in the wvGetLFO_records function or (2) a
large LFO nolfo value in the wvGetFLO_PLF function.

Updated packages have been patched to correct these issues.

Updated packages

2006.0 i586

 c176882af438f2855ad1ac719ea9fc04  2006.0/i586/libwv-1.0_3-1.0.3-3.1.20060mdk.i586.rpm
 751dc9e1689833876cb1c2a0feaa507e  2006.0/i586/libwv-1.0_3-devel-1.0.3-3.1.20060mdk.i586.rpm
 3e05943cd2ce03ddd3632ea790ad08fa  2006.0/i586/wv-1.0.3-3.1.20060mdk.i586.rpm 
 3da51e07d25e318ce98d027361ca0d38  2006.0/SRPMS/wv-1.0.3-3.1.20060mdk.src.rpm

2007.0 x86_64

 ffaa9c1620c2219f6729f42098a2f2c7  2007.0/x86_64/lib64wv-1.2_0-1.2.0-6.1mdv2007.0.x86_64.rpm
 218209af9a92f6ff5d061e6cd1004522  2007.0/x86_64/lib64wv-1.2_0-devel-1.2.0-6.1mdv2007.0.x86_64.rpm
 af48a39af76ec32a9c0bda829d3c094e  2007.0/x86_64/wv-1.2.0-6.1mdv2007.0.x86_64.rpm 
 605b61cd28794f0e2a1657286e2e9b9f  2007.0/SRPMS/wv-1.2.0-6.1mdv2007.0.src.rpm

2007.0 i586

 f99e2be25e5532910e963a46ff34a0f7  2007.0/i586/libwv-1.2_0-1.2.0-6.1mdv2007.0.i586.rpm
 f5ce02431ca181a1d8b4c66fa83fdea2  2007.0/i586/libwv-1.2_0-devel-1.2.0-6.1mdv2007.0.i586.rpm
 eae36b8ab1ffca3528154c9aaf2a1cc0  2007.0/i586/wv-1.2.0-6.1mdv2007.0.i586.rpm 
 605b61cd28794f0e2a1657286e2e9b9f  2007.0/SRPMS/wv-1.2.0-6.1mdv2007.0.src.rpm

CS3.0 x86_64

 e57570724d3d286c0f218f0be359de19  corporate/3.0/x86_64/lib64wv-1.0_0-1.0.0-1.3.C30mdk.x86_64.rpm
 f4a7a48698062e11872b962cfce782fe  corporate/3.0/x86_64/lib64wv-1.0_0-devel-1.0.0-1.3.C30mdk.x86_64.rpm
 952c83dee6c42a8d03daa063b8dd4b5d  corporate/3.0/x86_64/wv-1.0.0-1.3.C30mdk.x86_64.rpm 
 bcb4a6f8a6795ab806525a788f9aecdb  corporate/3.0/SRPMS/wv-1.0.0-1.3.C30mdk.src.rpm

CS3.0 i586

 a14668306062c5d70ab19a08cb9c292c  corporate/3.0/i586/libwv-1.0_0-1.0.0-1.3.C30mdk.i586.rpm
 d6ad018517e90969f6dd872610524a7b  corporate/3.0/i586/libwv-1.0_0-devel-1.0.0-1.3.C30mdk.i586.rpm
 c7d9681d497f4f2c48a9f97a997fc142  corporate/3.0/i586/wv-1.0.0-1.3.C30mdk.i586.rpm 
 bcb4a6f8a6795ab806525a788f9aecdb  corporate/3.0/SRPMS/wv-1.0.0-1.3.C30mdk.src.rpm

2006.0 x86_64

 d66a09a81fdc11a12fe48c1115e247ec  2006.0/x86_64/lib64wv-1.0_3-1.0.3-3.1.20060mdk.x86_64.rpm
 50a02068dcdcbf5238b619d7f22b2490  2006.0/x86_64/lib64wv-1.0_3-devel-1.0.3-3.1.20060mdk.x86_64.rpm
 fba9cbca5c8207417353fd777a1578bf  2006.0/x86_64/wv-1.0.3-3.1.20060mdk.x86_64.rpm 
 3da51e07d25e318ce98d027361ca0d38  2006.0/SRPMS/wv-1.0.3-3.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513