Ubuntu Security Notice USN-220-1
1st December, 2005
w3c-libwww vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Details
Sam Varshavchik discovered several buffer overflows in the
HTBoundary_put_block() function. By sending specially crafted HTTP
multipart/byteranges MIME messages, a malicious HTTP server could
trigger an out of bounds memory access in the libwww library, which
causes the program that uses the library to crash.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- libwww0
- Ubuntu 5.04:
- libwww0
- Ubuntu 4.10:
- libwww0
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None