Login
Newsletter
Werbung
Sicherheit: Pufferüberläufe in dia
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in dia
ID: USN-266-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10
Datum: Mo, 3. April 2006, 14:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550
Applikationen: dia

Originalnachricht

 

--===============1824744891==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="LiQwW4YX+w4axhAx"
Content-Disposition: inline


--LiQwW4YX+w4axhAx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-266-1	     April 03, 2006
dia vulnerabilities
CVE-2006-1550
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

dia
dia-gnome
dia-libs

The problem can be corrected by upgrading the affected package to
version 0.93-4ubuntu2.1 (for Ubuntu 4.10), 0.94.0-5ubuntu1.2 (for
Ubuntu 5.04), or 0.94.0-11ubuntu1.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Three buffer overflows were discovered in the Xfig file format
importer. By tricking a user into opening a specially crafted .fig
file with dia, an attacker could exploit this to execute arbitrary
code with the user's privileges.


Updated packages for Ubuntu 4.10:

  Source archives:

    dia_0.93-4ubuntu2.1.diff.gz
      Size/MD5:    61076 4b680ba5d3355b2d5b8600c609977555
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93-4ubuntu2.1.dsc
      Size/MD5:     1405 091ce19988edd2290ad18bbe3fd82673
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93.orig.tar.gz
      Size/MD5:  4734801 805b9f494607505c9543a1ce461c44e3

  Architecture independent packages:

    dia-common_0.93-4ubuntu2.1_all.deb
      Size/MD5:  1986932 a89fdb71f95fb7e41de153ad73f0ed93

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    dia-gnome_0.93-4ubuntu2.1_amd64.deb
      Size/MD5:   188468 72cd686a10117ad82900e76ded886bb0
    dia-libs_0.93-4ubuntu2.1_amd64.deb
      Size/MD5:   586944 df6379c86d4013fa5338616d2e9e072f
    dia_0.93-4ubuntu2.1_amd64.deb
      Size/MD5:   186756 30dd6dc0b1d32610dbbb3a7ac64b3467

  i386 architecture (x86 compatible Intel/AMD)

    dia-gnome_0.93-4ubuntu2.1_i386.deb
      Size/MD5:   172906 73f47c9405d79307485467789f2794a4
    dia-libs_0.93-4ubuntu2.1_i386.deb
      Size/MD5:   518022 8b36715e82253658f14152644abe33b9
    dia_0.93-4ubuntu2.1_i386.deb
      Size/MD5:   171668 f283709cae2c1a74987e045ab289c736

  powerpc architecture (Apple Macintosh G3/G4/G5)

    dia-gnome_0.93-4ubuntu2.1_powerpc.deb
      Size/MD5:   179432 ed167a140d4b97a669acd32bc7ed41a5
    dia-libs_0.93-4ubuntu2.1_powerpc.deb
      Size/MD5:   594926 d98f568657f7ab5e1e61493cef7c6acb
    dia_0.93-4ubuntu2.1_powerpc.deb
      Size/MD5:   178078 4bef9cf9defbfccc8bc0fd3075acfb8e

Updated packages for Ubuntu 5.04:

  Source archives:

    dia_0.94.0-5ubuntu1.2.diff.gz
      Size/MD5:    15997 6770825a81aa45f860475d38e63952b1
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.2.dsc
      Size/MD5:     1408 5328a97484e072a811d941cbb029010e
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    dia-common_0.94.0-5ubuntu1.2_all.deb
      Size/MD5:  2148732 a28a4f3b3c544c1b2fcca65bf6c169eb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    dia-gnome_0.94.0-5ubuntu1.2_amd64.deb
      Size/MD5:   194850 1659de98de9e218301f805c2d21efe25
    dia-libs_0.94.0-5ubuntu1.2_amd64.deb
      Size/MD5:   659548 3875968694fbc4a91b6830a44e6e4025
    dia_0.94.0-5ubuntu1.2_amd64.deb
      Size/MD5:   193172 4b7d3627f6e6bdedc85cdcd128600f54

  i386 architecture (x86 compatible Intel/AMD)

    dia-gnome_0.94.0-5ubuntu1.2_i386.deb
      Size/MD5:   176894 f5ff09a951d9522b89873fc9a92c10d1
    dia-libs_0.94.0-5ubuntu1.2_i386.deb
      Size/MD5:   580438 3eb03d56d61b55350feb627ef9b4730d
    dia_0.94.0-5ubuntu1.2_i386.deb
      Size/MD5:   175418 ee01597acda7980d163a51fb038e2927

  powerpc architecture (Apple Macintosh G3/G4/G5)

    dia-gnome_0.94.0-5ubuntu1.2_powerpc.deb
      Size/MD5:   184536 b3976c35b08f08c4c7b2b0db2a15aa4e
    dia-libs_0.94.0-5ubuntu1.2_powerpc.deb
      Size/MD5:   674932 08ab56a76b254e1ccefa4b70bd199f73
    dia_0.94.0-5ubuntu1.2_powerpc.deb
      Size/MD5:   183034 fdf1dcca4147af4d627c5d18a69c2f19

Updated packages for Ubuntu 5.10:

  Source archives:

    dia_0.94.0-11ubuntu1.1.diff.gz
      Size/MD5:    31230 8ca2ee13b6ea15cf636349104f657cba
    dia_0.94.0-11ubuntu1.1.dsc
      Size/MD5:     1423 11fbc454b6a21e3c0acdcc6cb0ee50f9
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    dia-common_0.94.0-11ubuntu1.1_all.deb
      Size/MD5:  2148894 14c8ca0a772232cedf1d2413adb6f606

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    dia-gnome_0.94.0-11ubuntu1.1_amd64.deb
      Size/MD5:   194532 7a77eefd41f3141ce0298ec5b39fdef6
    dia-libs_0.94.0-11ubuntu1.1_amd64.deb
      Size/MD5:   658968 f6d9bcfc7dee2927c36bc4baa237f45c
    dia_0.94.0-11ubuntu1.1_amd64.deb
      Size/MD5:   193058 4555e3096f9f75955fc3e5374cc31b69

  i386 architecture (x86 compatible Intel/AMD)

    dia-gnome_0.94.0-11ubuntu1.1_i386.deb
      Size/MD5:   171642 a2e845971a7438ec087be7f062a320d2
    dia-libs_0.94.0-11ubuntu1.1_i386.deb
      Size/MD5:   549106 80ae19ac89137debbdbebe3f7ffe244f
    dia_0.94.0-11ubuntu1.1_i386.deb
      Size/MD5:   170302 32a1a4b69c8b43673a880b821e996f01

  powerpc architecture (Apple Macintosh G3/G4/G5)

    dia-gnome_0.94.0-11ubuntu1.1_powerpc.deb
      Size/MD5:   185150 861c67b5718eed30955c19c180960961
    dia-libs_0.94.0-11ubuntu1.1_powerpc.deb
      Size/MD5:   667318 dd65f5a8076e04eccea104c1685ae655
    dia_0.94.0-11ubuntu1.1_powerpc.deb
      Size/MD5:   183694 810e5a093e6982843c0b795218f50cb4

--LiQwW4YX+w4axhAx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEMRYHDecnbV4Fd/IRAhLPAKDD2G2iOyvnIFNcu7EdhpDS32CmAQCfW3KO
iFOiArXJ8O8Ro+QVxg16BOw=
=gV6r
-----END PGP SIGNATURE-----

--LiQwW4YX+w4axhAx--


--===============1824744891==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1824744891==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung