drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in dia
Name: |
Pufferüberläufe in dia |
|
ID: |
USN-266-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Mo, 3. April 2006, 14:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550 |
|
Applikationen: |
dia |
|
Originalnachricht |
--===============1824744891== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LiQwW4YX+w4axhAx" Content-Disposition: inline
--LiQwW4YX+w4axhAx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-266-1 April 03, 2006 dia vulnerabilities CVE-2006-1550 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
dia dia-gnome dia-libs
The problem can be corrected by upgrading the affected package to version 0.93-4ubuntu2.1 (for Ubuntu 4.10), 0.94.0-5ubuntu1.2 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Three buffer overflows were discovered in the Xfig file format importer. By tricking a user into opening a specially crafted .fig file with dia, an attacker could exploit this to execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 4.10:
Source archives:
dia_0.93-4ubuntu2.1.diff.gz Size/MD5: 61076 4b680ba5d3355b2d5b8600c609977555 http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93-4ubuntu2.1.dsc Size/MD5: 1405 091ce19988edd2290ad18bbe3fd82673 http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93.orig.tar.gz Size/MD5: 4734801 805b9f494607505c9543a1ce461c44e3
Architecture independent packages:
dia-common_0.93-4ubuntu2.1_all.deb Size/MD5: 1986932 a89fdb71f95fb7e41de153ad73f0ed93
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
dia-gnome_0.93-4ubuntu2.1_amd64.deb Size/MD5: 188468 72cd686a10117ad82900e76ded886bb0 dia-libs_0.93-4ubuntu2.1_amd64.deb Size/MD5: 586944 df6379c86d4013fa5338616d2e9e072f dia_0.93-4ubuntu2.1_amd64.deb Size/MD5: 186756 30dd6dc0b1d32610dbbb3a7ac64b3467
i386 architecture (x86 compatible Intel/AMD)
dia-gnome_0.93-4ubuntu2.1_i386.deb Size/MD5: 172906 73f47c9405d79307485467789f2794a4 dia-libs_0.93-4ubuntu2.1_i386.deb Size/MD5: 518022 8b36715e82253658f14152644abe33b9 dia_0.93-4ubuntu2.1_i386.deb Size/MD5: 171668 f283709cae2c1a74987e045ab289c736
powerpc architecture (Apple Macintosh G3/G4/G5)
dia-gnome_0.93-4ubuntu2.1_powerpc.deb Size/MD5: 179432 ed167a140d4b97a669acd32bc7ed41a5 dia-libs_0.93-4ubuntu2.1_powerpc.deb Size/MD5: 594926 d98f568657f7ab5e1e61493cef7c6acb dia_0.93-4ubuntu2.1_powerpc.deb Size/MD5: 178078 4bef9cf9defbfccc8bc0fd3075acfb8e
Updated packages for Ubuntu 5.04:
Source archives:
dia_0.94.0-5ubuntu1.2.diff.gz Size/MD5: 15997 6770825a81aa45f860475d38e63952b1 http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.2.dsc Size/MD5: 1408 5328a97484e072a811d941cbb029010e http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
dia-common_0.94.0-5ubuntu1.2_all.deb Size/MD5: 2148732 a28a4f3b3c544c1b2fcca65bf6c169eb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
dia-gnome_0.94.0-5ubuntu1.2_amd64.deb Size/MD5: 194850 1659de98de9e218301f805c2d21efe25 dia-libs_0.94.0-5ubuntu1.2_amd64.deb Size/MD5: 659548 3875968694fbc4a91b6830a44e6e4025 dia_0.94.0-5ubuntu1.2_amd64.deb Size/MD5: 193172 4b7d3627f6e6bdedc85cdcd128600f54
i386 architecture (x86 compatible Intel/AMD)
dia-gnome_0.94.0-5ubuntu1.2_i386.deb Size/MD5: 176894 f5ff09a951d9522b89873fc9a92c10d1 dia-libs_0.94.0-5ubuntu1.2_i386.deb Size/MD5: 580438 3eb03d56d61b55350feb627ef9b4730d dia_0.94.0-5ubuntu1.2_i386.deb Size/MD5: 175418 ee01597acda7980d163a51fb038e2927
powerpc architecture (Apple Macintosh G3/G4/G5)
dia-gnome_0.94.0-5ubuntu1.2_powerpc.deb Size/MD5: 184536 b3976c35b08f08c4c7b2b0db2a15aa4e dia-libs_0.94.0-5ubuntu1.2_powerpc.deb Size/MD5: 674932 08ab56a76b254e1ccefa4b70bd199f73 dia_0.94.0-5ubuntu1.2_powerpc.deb Size/MD5: 183034 fdf1dcca4147af4d627c5d18a69c2f19
Updated packages for Ubuntu 5.10:
Source archives:
dia_0.94.0-11ubuntu1.1.diff.gz Size/MD5: 31230 8ca2ee13b6ea15cf636349104f657cba dia_0.94.0-11ubuntu1.1.dsc Size/MD5: 1423 11fbc454b6a21e3c0acdcc6cb0ee50f9 http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
dia-common_0.94.0-11ubuntu1.1_all.deb Size/MD5: 2148894 14c8ca0a772232cedf1d2413adb6f606
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
dia-gnome_0.94.0-11ubuntu1.1_amd64.deb Size/MD5: 194532 7a77eefd41f3141ce0298ec5b39fdef6 dia-libs_0.94.0-11ubuntu1.1_amd64.deb Size/MD5: 658968 f6d9bcfc7dee2927c36bc4baa237f45c dia_0.94.0-11ubuntu1.1_amd64.deb Size/MD5: 193058 4555e3096f9f75955fc3e5374cc31b69
i386 architecture (x86 compatible Intel/AMD)
dia-gnome_0.94.0-11ubuntu1.1_i386.deb Size/MD5: 171642 a2e845971a7438ec087be7f062a320d2 dia-libs_0.94.0-11ubuntu1.1_i386.deb Size/MD5: 549106 80ae19ac89137debbdbebe3f7ffe244f dia_0.94.0-11ubuntu1.1_i386.deb Size/MD5: 170302 32a1a4b69c8b43673a880b821e996f01
powerpc architecture (Apple Macintosh G3/G4/G5)
dia-gnome_0.94.0-11ubuntu1.1_powerpc.deb Size/MD5: 185150 861c67b5718eed30955c19c180960961 dia-libs_0.94.0-11ubuntu1.1_powerpc.deb Size/MD5: 667318 dd65f5a8076e04eccea104c1685ae655 dia_0.94.0-11ubuntu1.1_powerpc.deb Size/MD5: 183694 810e5a093e6982843c0b795218f50cb4
--LiQwW4YX+w4axhAx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEMRYHDecnbV4Fd/IRAhLPAKDD2G2iOyvnIFNcu7EdhpDS32CmAQCfW3KO iFOiArXJ8O8Ro+QVxg16BOw= =gV6r -----END PGP SIGNATURE-----
--LiQwW4YX+w4axhAx--
--===============1824744891== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1824744891==--
|
|
|
|