USN-220-1: w3c-libwww vulnerability

1 December 2005

w3c-libwww vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Sam Varshavchik discovered several buffer overflows in the HTBoundary_put_block() function. By sending specially crafted HTTP multipart/byteranges MIME messages, a malicious HTTP server could trigger an out of bounds memory access in the libwww library, which causes the program that uses the library to crash.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
libwww0
Ubuntu 5.04
libwww0
Ubuntu 4.10
libwww0

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References