[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060403123311.GI5711@piware.de>
Date: Mon, 3 Apr 2006 14:33:11 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-266-1] dia vulnerabilities
===========================================================
Ubuntu Security Notice USN-266-1 April 03, 2006
dia vulnerabilities
CVE-2006-1550
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
dia
dia-gnome
dia-libs
The problem can be corrected by upgrading the affected package to
version 0.93-4ubuntu2.1 (for Ubuntu 4.10), 0.94.0-5ubuntu1.2 (for
Ubuntu 5.04), or 0.94.0-11ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Three buffer overflows were discovered in the Xfig file format
importer. By tricking a user into opening a specially crafted .fig
file with dia, an attacker could exploit this to execute arbitrary
code with the user's privileges.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93-4ubuntu2.1.diff.gz
Size/MD5: 61076 4b680ba5d3355b2d5b8600c609977555
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93-4ubuntu2.1.dsc
Size/MD5: 1405 091ce19988edd2290ad18bbe3fd82673
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93.orig.tar.gz
Size/MD5: 4734801 805b9f494607505c9543a1ce461c44e3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.93-4ubuntu2.1_all.deb
Size/MD5: 1986932 a89fdb71f95fb7e41de153ad73f0ed93
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.93-4ubuntu2.1_amd64.deb
Size/MD5: 188468 72cd686a10117ad82900e76ded886bb0
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.93-4ubuntu2.1_amd64.deb
Size/MD5: 586944 df6379c86d4013fa5338616d2e9e072f
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.93-4ubuntu2.1_amd64.deb
Size/MD5: 186756 30dd6dc0b1d32610dbbb3a7ac64b3467
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.93-4ubuntu2.1_i386.deb
Size/MD5: 172906 73f47c9405d79307485467789f2794a4
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.93-4ubuntu2.1_i386.deb
Size/MD5: 518022 8b36715e82253658f14152644abe33b9
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.93-4ubuntu2.1_i386.deb
Size/MD5: 171668 f283709cae2c1a74987e045ab289c736
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.93-4ubuntu2.1_powerpc.deb
Size/MD5: 179432 ed167a140d4b97a669acd32bc7ed41a5
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.93-4ubuntu2.1_powerpc.deb
Size/MD5: 594926 d98f568657f7ab5e1e61493cef7c6acb
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.93-4ubuntu2.1_powerpc.deb
Size/MD5: 178078 4bef9cf9defbfccc8bc0fd3075acfb8e
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.2.diff.gz
Size/MD5: 15997 6770825a81aa45f860475d38e63952b1
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.2.dsc
Size/MD5: 1408 5328a97484e072a811d941cbb029010e
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5ubuntu1.2_all.deb
Size/MD5: 2148732 a28a4f3b3c544c1b2fcca65bf6c169eb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.2_amd64.deb
Size/MD5: 194850 1659de98de9e218301f805c2d21efe25
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.2_amd64.deb
Size/MD5: 659548 3875968694fbc4a91b6830a44e6e4025
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.2_amd64.deb
Size/MD5: 193172 4b7d3627f6e6bdedc85cdcd128600f54
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.2_i386.deb
Size/MD5: 176894 f5ff09a951d9522b89873fc9a92c10d1
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.2_i386.deb
Size/MD5: 580438 3eb03d56d61b55350feb627ef9b4730d
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.2_i386.deb
Size/MD5: 175418 ee01597acda7980d163a51fb038e2927
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.2_powerpc.deb
Size/MD5: 184536 b3976c35b08f08c4c7b2b0db2a15aa4e
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.2_powerpc.deb
Size/MD5: 674932 08ab56a76b254e1ccefa4b70bd199f73
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.2_powerpc.deb
Size/MD5: 183034 fdf1dcca4147af4d627c5d18a69c2f19
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.1.diff.gz
Size/MD5: 31230 8ca2ee13b6ea15cf636349104f657cba
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.1.dsc
Size/MD5: 1423 11fbc454b6a21e3c0acdcc6cb0ee50f9
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11ubuntu1.1_all.deb
Size/MD5: 2148894 14c8ca0a772232cedf1d2413adb6f606
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.1_amd64.deb
Size/MD5: 194532 7a77eefd41f3141ce0298ec5b39fdef6
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.1_amd64.deb
Size/MD5: 658968 f6d9bcfc7dee2927c36bc4baa237f45c
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.1_amd64.deb
Size/MD5: 193058 4555e3096f9f75955fc3e5374cc31b69
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.1_i386.deb
Size/MD5: 171642 a2e845971a7438ec087be7f062a320d2
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.1_i386.deb
Size/MD5: 549106 80ae19ac89137debbdbebe3f7ffe244f
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.1_i386.deb
Size/MD5: 170302 32a1a4b69c8b43673a880b821e996f01
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.1_powerpc.deb
Size/MD5: 185150 861c67b5718eed30955c19c180960961
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.1_powerpc.deb
Size/MD5: 667318 dd65f5a8076e04eccea104c1685ae655
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.1_powerpc.deb
Size/MD5: 183694 810e5a093e6982843c0b795218f50cb4
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists