Bug 152754

Summary: CAN-2004-0645-Abiword wv component buffer overflow
Product: [Retired] Fedora Legacy
Component: Package request
Reporter: Marc Deslauriers <marc.deslauriers>
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: botsch, pekkas
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645
Whiteboard: LEGACY, QA, rh73, rh90
Doc Type: Bug Fix

Description David Lawrence 2005-03-30 23:26:17 UTC
Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare)
0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code
via a document with a long DateTime field.

More info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645
http://www.abisource.com/release-notes/2.0.9.phtml
http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true
http://xforce.iss.net/xforce/xfdb/16660
http://www.redhat.com/archives/fedora-test-list/2004-July/msg00444.html

A quick check shows abiword in both rh73 and rh9 to be vulnerable.
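
The class of bug described above, as an added illustration that is not part of the original report and is not wv's actual field.c: a date/time picture string from a document is expanded into a fixed-size buffer, first without and then with a length check. The function names and the picture-to-strftime mapping are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed illustration, not wv's field.c. Maps one run of a date/time
 * picture (e.g. "yyyy") to a strftime() directive; the mapping is a
 * simplified assumption. *run receives the number of characters consumed. */
static const char *piece_for(const char *p, size_t *run, char lit[2])
{
    size_t n = 1;
    while (p[n] == p[0]) n++;
    *run = n;
    switch (p[0]) {
    case 'y': return n > 2 ? "%Y" : "%y";
    case 'M': return "%m";
    case 'd': return "%d";
    case 'H': return "%H";
    case 'm': return "%M";
    case 's': return "%S";
    case '%': *run = 1; return "%%";
    default:  *run = 1; lit[0] = p[0]; lit[1] = '\0'; return lit;
    }
}

/* Unchecked form: output length is driven entirely by the document, so a
 * long field writes past the end of whatever fixed buffer `out` is. */
void picture_unchecked(const char *picture, char *out)
{
    size_t run; char lit[2];
    for (out[0] = '\0'; *picture; picture += run)
        strcat(out, piece_for(picture, &run, lit));
}

/* Checked form: every append is measured against the remaining capacity.
 * Returns 0 on success; on overflow returns -1 and leaves out empty. */
int picture_checked(const char *picture, char *out, size_t cap)
{
    size_t run, used = 0; char lit[2];
    if (cap == 0) return -1;
    for (out[0] = '\0'; *picture; picture += run) {
        const char *piece = piece_for(picture, &run, lit);
        size_t len = strlen(piece);
        if (len >= cap - used) { out[0] = '\0'; return -1; }
        memcpy(out + used, piece, len + 1);
        used += len;
    }
    return 0;
}
```
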



------- Additional Comments From dwb7.edu 2004-08-31 08:01:02 ----

Created an attachment (id=824)
patch to field.c

Backported patch from the Redhat patch.



------- Additional Comments From dwb7.edu 2004-08-31 08:17:46 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Build packages for RH7.3 using included patch in the bug report:

sha1sum -b abi*
40eef3e5216dadaa9ddce796f501c8ce4227d3ac *abiword-0.99.5-2.legacy.7x.i386.rpm
bed2e0d6a1b19b03693044c792ec54f08db23961 *abiword-0.99.5-2.legacy.7x.src.rpm

download from 
http://cf.ccmr.cornell.edu/publicdownloads/fedoralegacy-testing/abiword

- -DWB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBNMCmSY7s7uPf/IURAg9jAJ9y2E/UI3EwJN4aQT6VEbuZy8BfNACgjIOp
RWaFcOzCoGRjHsG/gpYMgiw=
=XBYr
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-08-31 13:44:07 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA on abiword package for 7.3:

bed2e0d6a1b19b03693044c792ec54f08db23961 abiword-0.99.5-2.legacy.7x.src.rpm

- - Source files identical to previous release
- - Patch looks good
- - Spec file looks good
- - Build OK
- - Installs OK
- - Runs OK

My only comment, is it should be called:

abiword-0.99.5-3.legacy.src.rpm

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBNQ1aLMAs/0C4zNoRAnx8AKCcxlQWQ7zI0B3/Rx8gN63jkw06HwCgiFcq
aezYr7IMgnuJodRdCAzIzuQ=
=b4sC
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-09-01 15:06:17 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are new abiword packages to QA for rh9:

50373bb8d615105d3b12ddea3bf23f189f508991  abiword-1.0.4-3.legacy.i386.rpm
3b41b9433bc0daba1ecd3e3c38fd4c0e49626a2d  abiword-1.0.4-3.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/abiword-1.0.4-3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/abiword-1.0.4-3.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBNnHbLMAs/0C4zNoRAtFkAJsGykS7FGiUKyt2W10hRamTuaKFtgCffIH5
Uv7cTLlYqozL/ckxc1wiKfI=
=SICz
-----END PGP SIGNATURE-----




------- Additional Comments From mule 2004-09-10 08:43:59 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
50373bb8d615105d3b12ddea3bf23f189f508991  abiword-1.0.4-3.legacy.i386.rpm
3b41b9433bc0daba1ecd3e3c38fd4c0e49626a2d  abiword-1.0.4-3.legacy.src.rpm
 
For Red Hat 9
* spec file looks ok
* builds from source
* installs ok
 
PUBLISH
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
 
iD8DBQFBQfVtTsaUa9pp4VIRAtzMAJ9KnOxd5/g1MYUVkrprtJGSeNOY6ACg62Xz
2GThvyCPDbVisulIaGYTM3M=
=xW4b
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-09-19 07:23:07 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for redhat 9:

3b41b9433bc0daba1ecd3e3c38fd4c0e49626a2d  abiword-1.0.4-3.legacy.src.rpm

- - SPEC file is good
- - patch looks sane
- - other sources match previous redhat release
- - builds
- - installs

PUBLISH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBTcBjYzuFKFF44qURAvlAAJwJilY/2Y1K+RHMRzXCDJ5nI6bqrQCg7rJU
FrIey/UcbQb4KQ2bc16Bdos=
=6Ylo
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-09-19 07:36:34 ----

Draft advisory:
http://www-astro.physics.ox.ac.uk/~dom/legacy/advisories/1906-abiword-draft.txt



------- Additional Comments From marcdeslauriers 2004-10-05 14:59:11 ----

There is a problem with the patch we added to the rh9 package. I'll rebuild
packages with a revised patch in a few minutes.




------- Additional Comments From marcdeslauriers 2004-10-05 16:02:25 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are rh9 packages with an updated patch.
Please QA quickly so we can release these to updates-testing.

Changelog:
* Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers> 1:1.0.4-4.legacy
- - Added a better wv security fix (CAN-2004-0645)
 
* Wed Sep 01 2004 Marc Deslauriers <marcdeslauriers> 1:1.0.4-3.legacy
- - wv security fix (CAN-2004-0645)

b22f7fdc3bfdf13d63545d000646a969b631d0ef  abiword-1.0.4-4.legacy.i386.rpm
5cbd90fab9ecf2e9762616c158f49500db18bb63  abiword-1.0.4-4.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/abiword-1.0.4-4.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/abiword-1.0.4-4.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBY1I4LMAs/0C4zNoRAmAjAJ9hgC+NZcW5hioUgg7igRfbPWRlLwCbBA6Y
8RTWYfccQVZ3zvxtMxiblwM=
=I/i+
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-10-19 07:55:01 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA against abiword-1.0.4-3.legacy for rh9:

5cbd90fab9ecf2e9762616c158f49500db18bb63  abiword-1.0.4-4.legacy.src.rpm

- - SOURCES match
- - patch sane
- - builds
- - runs okay, saves and rereads a simple document.

PUBLISH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBdVSuYzuFKFF44qURAr/XAKDRnSRJ2T2zg7H+83o76Xkpu0HcQgCgt3qD
63eIPmYOF4kiB97DoawpnGA=
=RxyK
-----END PGP SIGNATURE-----



------- Additional Comments From ckelley 2004-10-20 06:06:09 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
7f1f7f8a7fd6c0e4ab2a3820c494763d1f398b78  abiword-0.99.5-3.legacy.i386.rpm
1de1739c89ad268ad00407f792d4ae587fc12519  abiword-0.99.5-3.legacy.src.rpm
 
The following files exist in abiword-0.99.5-2.i386.rpm, but not in
abiword-0.99.5-3.legacy.i386.rpm:
 
 /usr/share/AbiSuite/AbiWord/sample/impexp
 /usr/share/AbiSuite/AbiWord/sample/impexp/GNUmakefile.am
 /usr/share/AbiSuite/AbiWord/sample/impexp/README.TXT
 
I can't see anything obvious in the specfile or patches that would
explain the differences.  The same thing happens when I rebuild from
the source package on my machine.  It looks like a BuildReq is
missing...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBdoziyQ+yTHz+jJkRAmbZAJ9oS5s0Y371cMqiLqPvBIFFEnUaZACgvk9f
inZDvSKHcDeqPGb8uNurcic=
=G9sT
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-11-04 12:48:23 ----

Created an attachment (id=910)
mach log for abiword-0.99.5-3.legacy

I can't see what's causing this omission. Can anyone spot anything I can't in
the build log?



------- Additional Comments From ckelley 2004-11-05 04:19:10 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Packages for 7.3:
 
d5f778ec4983b7742f9795a745707a90e9b82587  abiword-0.99.5-4.legacy.src.rpm
82f5ae0020ff0e74950f78e1d1589ef4b96038ff  abiword-0.99.5-4.legacy.i386.rpm
 
http://www.ibnads.com/fedora-legacy/abiword
 
Please try building in mach.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBi4vLyQ+yTHz+jJkRAm7HAKCX6d4jR3eK+yas635DlCvAu4P4FACbBplS
2Kv6Uro/0c3vn96IcrjrWZM=
=bXYR
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas 2004-12-13 08:37:14 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

fadc8f407110a121ced851d20748c7807f2f71a2  abiword-1.0.4-5.legacy.i386.rpm

Signature verified.

Works OK, opening a simple file.

Tested on RH9.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBveFDGHbTkzxSL7QRAif9AKDAMeXFqd/a7WrVG3gu5t1KqtDmsgCglBIO
xdwK3zdORrvS93otBtX9L2o=
=WBde
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas 2004-12-14 10:19:36 ----

In case it wasn't clear, my message above was meant as a +VERIFY :).



------- Additional Comments From mschout 2005-02-05 14:22:42 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Redhat 7.3:

6fae7b296b25173f3c275e5b6d57e44a1e8dd453  abiword-0.99.5-5.legacy.i386.rpm

* rpm --checksig:
  abiword-0.99.5-5.legacy.i386.rpm: md5 gpg OK
* signed by secnotice with valid GPG signature.
* package installs with no errors.
* appears to work normally.  Created a new document, saved it, re-opened
  it.  Everything works as expected.

+VERIFY RHL7.3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCBWNC+CqvSzp9LOwRAkEOAKCbs+WtzEDu4wIzAfZeVq7/Lvz0bQCgilEy
tsOvFlwp39sDjfdMPM8qs+c=
=aLno
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2005-02-09 15:42:49 ----

pushed to updates



------- Bug moved to this database by dkl 2005-03-30 18:26 -------

This bug previously known as bug 1906 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1906
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
patch to field.c
https://bugzilla.fedora.us/attachment.cgi?action=view&id=824
mach log for abiword-0.99.5-3.legacy
https://bugzilla.fedora.us/attachment.cgi?action=view&id=910

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.