drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in Dia
Name: |
Pufferüberläufe in Dia |
|
ID: |
USN-286-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Mi, 24. Mai 2006, 13:18 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480 |
|
Applikationen: |
dia |
|
Originalnachricht |
--===============0230045519== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YiEDa0DAkWCtVeE4" Content-Disposition: inline
--YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-286-1 May 24, 2006 dia vulnerabilities CVE-2006-2453, CVE-2006-2480 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
dia dia-gnome
The problem can be corrected by upgrading the affected package to version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2 (for Ubuntu 5.10). After doing a standard system upgrade you need to restart dia to effect the necessary changes.
Details follow:
Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 5.04:
Source archives:
dia_0.94.0-5ubuntu1.3.diff.gz Size/MD5: 17086 d5771a080f9fab65abe39fa461b0be3f http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.dsc Size/MD5: 1408 dfca9d13543432df3ff0b89dd87694ad http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
dia-common_0.94.0-5ubuntu1.3_all.deb Size/MD5: 2148748 fc6799fd655d1417c1c382992dd28ab1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
dia-gnome_0.94.0-5ubuntu1.3_amd64.deb Size/MD5: 194954 2912894e6aa809b200c0435475a02009 dia-libs_0.94.0-5ubuntu1.3_amd64.deb Size/MD5: 659674 b318e38937352a027afd3772621566f9 dia_0.94.0-5ubuntu1.3_amd64.deb Size/MD5: 193266 cd0496cef2874ef740abafe9f28d53ec
i386 architecture (x86 compatible Intel/AMD)
dia-gnome_0.94.0-5ubuntu1.3_i386.deb Size/MD5: 176988 e9b27d3c32f4c683f9a0878f74b04df5 dia-libs_0.94.0-5ubuntu1.3_i386.deb Size/MD5: 580590 60aa194372a368dad6c15b096c74a3f4 dia_0.94.0-5ubuntu1.3_i386.deb Size/MD5: 175510 c8bdfa25f8d165aa319b91dcdaa10004
powerpc architecture (Apple Macintosh G3/G4/G5)
dia-gnome_0.94.0-5ubuntu1.3_powerpc.deb Size/MD5: 184652 a2616015be8f766ed36ba7a0fe6f1fa0 dia-libs_0.94.0-5ubuntu1.3_powerpc.deb Size/MD5: 675104 bca6250681070c0045dba899f6f11707 dia_0.94.0-5ubuntu1.3_powerpc.deb Size/MD5: 183176 38213309ad4f232332aa62b47c2286df
Updated packages for Ubuntu 5.10:
Source archives:
dia_0.94.0-11ubuntu1.2.diff.gz Size/MD5: 32541 a71619e0d5df51e905a68328c54c01d9 dia_0.94.0-11ubuntu1.2.dsc Size/MD5: 1423 8d3d29b9e45d9d53f690a15643e72e96 http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
dia-common_0.94.0-11ubuntu1.2_all.deb Size/MD5: 2148928 ed8976d604e4929c85c8e9bab40406f0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
dia-gnome_0.94.0-11ubuntu1.2_amd64.deb Size/MD5: 194656 6a830bb38a1720bd19f12e96074a9418 dia-libs_0.94.0-11ubuntu1.2_amd64.deb Size/MD5: 659118 e831effa3a3d9b2990e4b2c3f7b9d46a dia_0.94.0-11ubuntu1.2_amd64.deb Size/MD5: 193170 e7ac00a876bb8e24691a8fa3933ab0f5
i386 architecture (x86 compatible Intel/AMD)
dia-gnome_0.94.0-11ubuntu1.2_i386.deb Size/MD5: 171796 6ea1f835eb7c4315084190e8f628b6ec dia-libs_0.94.0-11ubuntu1.2_i386.deb Size/MD5: 549270 44d546e86e6c81936c1ab278a71f2ebc dia_0.94.0-11ubuntu1.2_i386.deb Size/MD5: 170448 e342deec10cef78f9f83fd8e691392d0
powerpc architecture (Apple Macintosh G3/G4/G5)
dia-gnome_0.94.0-11ubuntu1.2_powerpc.deb Size/MD5: 185366 b2d487e8a89ace311fc5b9ed29088c92 dia-libs_0.94.0-11ubuntu1.2_powerpc.deb Size/MD5: 667448 0495b9a9ff9ea8836d9c371d254005f5 dia_0.94.0-11ubuntu1.2_powerpc.deb Size/MD5: 183888 b422aa2ae4f2ad2021e4dcd27b63cfc2
--YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEdAvtDecnbV4Fd/IRAh9yAKDYllIpsH1T9DXueF7WU4QMowlTCQCcCwmv Pf4ntPMN2nFUy5djrHN1iSE= =OMnJ -----END PGP SIGNATURE-----
--YiEDa0DAkWCtVeE4--
--===============0230045519== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0230045519==--
|
|
|
|