Message-ID: <20060403123311.GI5711@piware.de>
Date: Mon, 3 Apr 2006 14:33:11 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-266-1] dia vulnerabilities

===========================================================
Ubuntu Security Notice USN-266-1	     April 03, 2006
dia vulnerabilities
CVE-2006-1550
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

dia
dia-gnome
dia-libs

The problem can be corrected by upgrading the affected package to
version 0.93-4ubuntu2.1 (for Ubuntu 4.10), 0.94.0-5ubuntu1.2 (for
Ubuntu 5.04), or 0.94.0-11ubuntu1.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Three buffer overflows were discovered in the Xfig file format
importer. By tricking a user into opening a specially crafted .fig
file with dia, an attacker could exploit this to execute arbitrary
code with the user's privileges.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93-4ubuntu2.1.diff.gz
      Size/MD5:    61076 4b680ba5d3355b2d5b8600c609977555
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93-4ubuntu2.1.dsc
      Size/MD5:     1405 091ce19988edd2290ad18bbe3fd82673
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.93.orig.tar.gz
      Size/MD5:  4734801 805b9f494607505c9543a1ce461c44e3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.93-4ubuntu2.1_all.deb
      Size/MD5:  1986932 a89fdb71f95fb7e41de153ad73f0ed93

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.93-4ubuntu2.1_amd64.deb
      Size/MD5:   188468 72cd686a10117ad82900e76ded886bb0
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.93-4ubuntu2.1_amd64.deb
      Size/MD5:   586944 df6379c86d4013fa5338616d2e9e072f
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.93-4ubuntu2.1_amd64.deb
      Size/MD5:   186756 30dd6dc0b1d32610dbbb3a7ac64b3467

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.93-4ubuntu2.1_i386.deb
      Size/MD5:   172906 73f47c9405d79307485467789f2794a4
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.93-4ubuntu2.1_i386.deb
      Size/MD5:   518022 8b36715e82253658f14152644abe33b9
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.93-4ubuntu2.1_i386.deb
      Size/MD5:   171668 f283709cae2c1a74987e045ab289c736

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.93-4ubuntu2.1_powerpc.deb
      Size/MD5:   179432 ed167a140d4b97a669acd32bc7ed41a5
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.93-4ubuntu2.1_powerpc.deb
      Size/MD5:   594926 d98f568657f7ab5e1e61493cef7c6acb
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.93-4ubuntu2.1_powerpc.deb
      Size/MD5:   178078 4bef9cf9defbfccc8bc0fd3075acfb8e

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.2.diff.gz
      Size/MD5:    15997 6770825a81aa45f860475d38e63952b1
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.2.dsc
      Size/MD5:     1408 5328a97484e072a811d941cbb029010e
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5ubuntu1.2_all.deb
      Size/MD5:  2148732 a28a4f3b3c544c1b2fcca65bf6c169eb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.2_amd64.deb
      Size/MD5:   194850 1659de98de9e218301f805c2d21efe25
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.2_amd64.deb
      Size/MD5:   659548 3875968694fbc4a91b6830a44e6e4025
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.2_amd64.deb
      Size/MD5:   193172 4b7d3627f6e6bdedc85cdcd128600f54

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.2_i386.deb
      Size/MD5:   176894 f5ff09a951d9522b89873fc9a92c10d1
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.2_i386.deb
      Size/MD5:   580438 3eb03d56d61b55350feb627ef9b4730d
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.2_i386.deb
      Size/MD5:   175418 ee01597acda7980d163a51fb038e2927

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.2_powerpc.deb
      Size/MD5:   184536 b3976c35b08f08c4c7b2b0db2a15aa4e
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.2_powerpc.deb
      Size/MD5:   674932 08ab56a76b254e1ccefa4b70bd199f73
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.2_powerpc.deb
      Size/MD5:   183034 fdf1dcca4147af4d627c5d18a69c2f19

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.1.diff.gz
      Size/MD5:    31230 8ca2ee13b6ea15cf636349104f657cba
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.1.dsc
      Size/MD5:     1423 11fbc454b6a21e3c0acdcc6cb0ee50f9
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11ubuntu1.1_all.deb
      Size/MD5:  2148894 14c8ca0a772232cedf1d2413adb6f606

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.1_amd64.deb
      Size/MD5:   194532 7a77eefd41f3141ce0298ec5b39fdef6
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.1_amd64.deb
      Size/MD5:   658968 f6d9bcfc7dee2927c36bc4baa237f45c
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.1_amd64.deb
      Size/MD5:   193058 4555e3096f9f75955fc3e5374cc31b69

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.1_i386.deb
      Size/MD5:   171642 a2e845971a7438ec087be7f062a320d2
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.1_i386.deb
      Size/MD5:   549106 80ae19ac89137debbdbebe3f7ffe244f
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.1_i386.deb
      Size/MD5:   170302 32a1a4b69c8b43673a880b821e996f01

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.1_powerpc.deb
      Size/MD5:   185150 861c67b5718eed30955c19c180960961
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.1_powerpc.deb
      Size/MD5:   667318 dd65f5a8076e04eccea104c1685ae655
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.1_powerpc.deb
      Size/MD5:   183694 810e5a093e6982843c0b795218f50cb4
