Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in Dia
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in Dia
ID: USN-286-1
Distribution: Ubuntu
Plattformen: Ubuntu 5.04, Ubuntu 5.10
Datum: Mi, 24. Mai 2006, 13:18
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480
Applikationen: dia

Originalnachricht


--===============0230045519==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="YiEDa0DAkWCtVeE4"
Content-Disposition: inline


--YiEDa0DAkWCtVeE4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-286-1 May 24, 2006
dia vulnerabilities
CVE-2006-2453, CVE-2006-2480
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

dia
dia-gnome

The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2
(for Ubuntu 5.10). After doing a standard system upgrade you need to
restart dia to effect the necessary changes.

Details follow:

Several format string vulnerabilities have been discovered in dia. By
tricking a user into opening a specially crafted dia file, or a
file with a specially crafted name, this could be exploited to execute
arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

Source archives:

dia_0.94.0-5ubuntu1.3.diff.gz
Size/MD5: 17086 d5771a080f9fab65abe39fa461b0be3f
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.dsc
Size/MD5: 1408 dfca9d13543432df3ff0b89dd87694ad
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79

Architecture independent packages:

dia-common_0.94.0-5ubuntu1.3_all.deb
Size/MD5: 2148748 fc6799fd655d1417c1c382992dd28ab1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

dia-gnome_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 194954 2912894e6aa809b200c0435475a02009
dia-libs_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 659674 b318e38937352a027afd3772621566f9
dia_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 193266 cd0496cef2874ef740abafe9f28d53ec

i386 architecture (x86 compatible Intel/AMD)

dia-gnome_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 176988 e9b27d3c32f4c683f9a0878f74b04df5
dia-libs_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 580590 60aa194372a368dad6c15b096c74a3f4
dia_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 175510 c8bdfa25f8d165aa319b91dcdaa10004

powerpc architecture (Apple Macintosh G3/G4/G5)

dia-gnome_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 184652 a2616015be8f766ed36ba7a0fe6f1fa0
dia-libs_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 675104 bca6250681070c0045dba899f6f11707
dia_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 183176 38213309ad4f232332aa62b47c2286df

Updated packages for Ubuntu 5.10:

Source archives:

dia_0.94.0-11ubuntu1.2.diff.gz
Size/MD5: 32541 a71619e0d5df51e905a68328c54c01d9
dia_0.94.0-11ubuntu1.2.dsc
Size/MD5: 1423 8d3d29b9e45d9d53f690a15643e72e96
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79

Architecture independent packages:

dia-common_0.94.0-11ubuntu1.2_all.deb
Size/MD5: 2148928 ed8976d604e4929c85c8e9bab40406f0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

dia-gnome_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 194656 6a830bb38a1720bd19f12e96074a9418
dia-libs_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 659118 e831effa3a3d9b2990e4b2c3f7b9d46a
dia_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 193170 e7ac00a876bb8e24691a8fa3933ab0f5

i386 architecture (x86 compatible Intel/AMD)

dia-gnome_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 171796 6ea1f835eb7c4315084190e8f628b6ec
dia-libs_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 549270 44d546e86e6c81936c1ab278a71f2ebc
dia_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 170448 e342deec10cef78f9f83fd8e691392d0

powerpc architecture (Apple Macintosh G3/G4/G5)

dia-gnome_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 185366 b2d487e8a89ace311fc5b9ed29088c92
dia-libs_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 667448 0495b9a9ff9ea8836d9c371d254005f5
dia_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 183888 b422aa2ae4f2ad2021e4dcd27b63cfc2

--YiEDa0DAkWCtVeE4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEdAvtDecnbV4Fd/IRAh9yAKDYllIpsH1T9DXueF7WU4QMowlTCQCcCwmv
Pf4ntPMN2nFUy5djrHN1iSE=
=OMnJ
-----END PGP SIGNATURE-----

--YiEDa0DAkWCtVeE4--


--===============0230045519==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0230045519==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung