lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060524073157.GA5275@piware.de>
Date: Wed, 24 May 2006 09:31:57 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-286-1] Dia vulnerabilities

===========================================================
Ubuntu Security Notice USN-286-1	       May 24, 2006
dia vulnerabilities
CVE-2006-2453, CVE-2006-2480
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

dia
dia-gnome

The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2
(for Ubuntu 5.10).  After doing a standard system upgrade you need to
restart dia to effect the necessary changes.

Details follow:

Several format string vulnerabilities have been discovered in dia. By
tricking a user into opening a specially crafted dia file, or a
file with a specially crafted name, this could be exploited to execute
arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.diff.gz
      Size/MD5:    17086 d5771a080f9fab65abe39fa461b0be3f
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.dsc
      Size/MD5:     1408 dfca9d13543432df3ff0b89dd87694ad
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5ubuntu1.3_all.deb
      Size/MD5:  2148748 fc6799fd655d1417c1c382992dd28ab1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_amd64.deb
      Size/MD5:   194954 2912894e6aa809b200c0435475a02009
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_amd64.deb
      Size/MD5:   659674 b318e38937352a027afd3772621566f9
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_amd64.deb
      Size/MD5:   193266 cd0496cef2874ef740abafe9f28d53ec

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_i386.deb
      Size/MD5:   176988 e9b27d3c32f4c683f9a0878f74b04df5
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_i386.deb
      Size/MD5:   580590 60aa194372a368dad6c15b096c74a3f4
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_i386.deb
      Size/MD5:   175510 c8bdfa25f8d165aa319b91dcdaa10004

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_powerpc.deb
      Size/MD5:   184652 a2616015be8f766ed36ba7a0fe6f1fa0
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_powerpc.deb
      Size/MD5:   675104 bca6250681070c0045dba899f6f11707
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_powerpc.deb
      Size/MD5:   183176 38213309ad4f232332aa62b47c2286df

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.2.diff.gz
      Size/MD5:    32541 a71619e0d5df51e905a68328c54c01d9
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.2.dsc
      Size/MD5:     1423 8d3d29b9e45d9d53f690a15643e72e96
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11ubuntu1.2_all.deb
      Size/MD5:  2148928 ed8976d604e4929c85c8e9bab40406f0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_amd64.deb
      Size/MD5:   194656 6a830bb38a1720bd19f12e96074a9418
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_amd64.deb
      Size/MD5:   659118 e831effa3a3d9b2990e4b2c3f7b9d46a
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_amd64.deb
      Size/MD5:   193170 e7ac00a876bb8e24691a8fa3933ab0f5

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_i386.deb
      Size/MD5:   171796 6ea1f835eb7c4315084190e8f628b6ec
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_i386.deb
      Size/MD5:   549270 44d546e86e6c81936c1ab278a71f2ebc
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_i386.deb
      Size/MD5:   170448 e342deec10cef78f9f83fd8e691392d0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_powerpc.deb
      Size/MD5:   185366 b2d487e8a89ace311fc5b9ed29088c92
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_powerpc.deb
      Size/MD5:   667448 0495b9a9ff9ea8836d9c371d254005f5
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_powerpc.deb
      Size/MD5:   183888 b422aa2ae4f2ad2021e4dcd27b63cfc2

Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ