About Ubuntu

=========================================================== Ubuntu Security Notice USN-220-1 December 01, 2005 w3c-libwww vulnerability CVE-2005-3183 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libwww0 The problem can be corrected by upgrading the affected package to version 5.4.0-9ubuntu0.4.10 (for Ubuntu 4.10), 5.4.0-9ubuntu0.5.04 (for Ubuntu 5.04), or 5.4.0-9ubuntu0.5.10 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sam Varshavchik discovered several buffer overflows in the HTBoundary_put_block() function. By sending specially crafted HTTP multipart/byteranges MIME messages, a malicious HTTP server could trigger an out of bounds memory access in the libwww library, which causes the program that uses the library to crash.