Debian Security Advisory
DSA-1100-1 wv2 -- integer overflow
- Date Reported:
- 15 Jun 2006
- Affected Packages:
- wv2
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2006-2197.
- More information:
-
A boundary checking error has been discovered in wv2, a library for accessing Microsoft Word documents, which can lead to an integer overflow induced by processing word files.
The old stable distribution (woody) does not contain wv2 packages.
For the stable distribution (sarge) this problem has been fixed in version 0.2.2-1sarge1
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your libwv packages.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/w/wv2/wv2_0.2.2-1sarge1.dsc
- http://security.debian.org/pool/updates/main/w/wv2/wv2_0.2.2-1sarge1.diff.gz
- http://security.debian.org/pool/updates/main/w/wv2/wv2_0.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/w/wv2/wv2_0.2.2-1sarge1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_arm.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_arm.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_i386.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_i386.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_mips.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_mips.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_s390.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_s390.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.