About Ubuntu

=========================================================== Ubuntu Security Notice USN-300-1 June 14, 2006 wv2 vulnerability CVE-2006-2197 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libwv2-1 0.2.2-1ubuntu1.1 libwv2-dev 0.2.2-1ubuntu1.1 Ubuntu 5.10: libwv2-1c2 0.2.2-1ubuntu2.1 libwv2-dev 0.2.2-1ubuntu2.1 Ubuntu 6.06 LTS: libwv2-1c2 0.2.2-5ubuntu0.1 libwv2-dev 0.2.2-5ubuntu0.1 After a standard system upgrade you need to restart KWord to effect the necessary changes. Details follow: libwv2 did not sufficiently check the validity of its input. Certain invalid Word documents caused a buffer overflow. By tricking a user into opening a specially crafted Word file with an application that uses libwv2, this could be exploited to execute arbitrary code with the user's privileges. The only packaged application using this library is KWord.