[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060524073157.GA5275@piware.de>
Date: Wed, 24 May 2006 09:31:57 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-286-1] Dia vulnerabilities
===========================================================
Ubuntu Security Notice USN-286-1 May 24, 2006
dia vulnerabilities
CVE-2006-2453, CVE-2006-2480
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
dia
dia-gnome
The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2
(for Ubuntu 5.10). After doing a standard system upgrade you need to
restart dia to effect the necessary changes.
Details follow:
Several format string vulnerabilities have been discovered in dia. By
tricking a user into opening a specially crafted dia file, or a
file with a specially crafted name, this could be exploited to execute
arbitrary code with the user's privileges.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.diff.gz
Size/MD5: 17086 d5771a080f9fab65abe39fa461b0be3f
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.dsc
Size/MD5: 1408 dfca9d13543432df3ff0b89dd87694ad
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5ubuntu1.3_all.deb
Size/MD5: 2148748 fc6799fd655d1417c1c382992dd28ab1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 194954 2912894e6aa809b200c0435475a02009
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 659674 b318e38937352a027afd3772621566f9
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 193266 cd0496cef2874ef740abafe9f28d53ec
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 176988 e9b27d3c32f4c683f9a0878f74b04df5
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 580590 60aa194372a368dad6c15b096c74a3f4
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 175510 c8bdfa25f8d165aa319b91dcdaa10004
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 184652 a2616015be8f766ed36ba7a0fe6f1fa0
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 675104 bca6250681070c0045dba899f6f11707
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 183176 38213309ad4f232332aa62b47c2286df
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.2.diff.gz
Size/MD5: 32541 a71619e0d5df51e905a68328c54c01d9
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.2.dsc
Size/MD5: 1423 8d3d29b9e45d9d53f690a15643e72e96
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11ubuntu1.2_all.deb
Size/MD5: 2148928 ed8976d604e4929c85c8e9bab40406f0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 194656 6a830bb38a1720bd19f12e96074a9418
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 659118 e831effa3a3d9b2990e4b2c3f7b9d46a
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 193170 e7ac00a876bb8e24691a8fa3933ab0f5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 171796 6ea1f835eb7c4315084190e8f628b6ec
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 549270 44d546e86e6c81936c1ab278a71f2ebc
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 170448 e342deec10cef78f9f83fd8e691392d0
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 185366 b2d487e8a89ace311fc5b9ed29088c92
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 667448 0495b9a9ff9ea8836d9c371d254005f5
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 183888 b422aa2ae4f2ad2021e4dcd27b63cfc2
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists