- Issued:
- 2006-05-03
- Updated:
- 2006-05-03
RHSA-2006:0280 - Security Advisory
Synopsis
dia security update
Type/Severity
Security Advisory: Moderate
Topic
An updated Dia package that fixes several buffer overflow bugs are now
available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Description
The Dia drawing program is designed to draw various types of diagrams.
infamous41md discovered three buffer overflow bugs in Dia's xfig file
format importer. If an attacker is able to trick a Dia user into opening a
carefully crafted xfig file, it may be possible to execute arbitrary code
as the user running Dia. (CVE-2006-1550)
Users of Dia should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 187401 - CVE-2006-1550 Dia multiple buffer overflows
CVEs
References
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| x86_64 | |
| dia-0.94-5.4.x86_64.rpm | SHA-256: 35250b4797a728adc7aabdd76ed598b6977bd30a07fd5786b1013ca1a6fac23c |
| dia-0.94-5.4.x86_64.rpm | SHA-256: 35250b4797a728adc7aabdd76ed598b6977bd30a07fd5786b1013ca1a6fac23c |
| ia64 | |
| dia-0.94-5.4.ia64.rpm | SHA-256: d775e7243acb6daed4b9345da9c46187554a4efcd3bac07977f7edf9d1d683ed |
| dia-0.94-5.4.ia64.rpm | SHA-256: d775e7243acb6daed4b9345da9c46187554a4efcd3bac07977f7edf9d1d683ed |
| i386 | |
| dia-0.94-5.4.i386.rpm | SHA-256: 63a8852e5da31d09e1e316b4377a70e2645fefabc2924fe8ed538ebe0054d706 |
| dia-0.94-5.4.i386.rpm | SHA-256: 63a8852e5da31d09e1e316b4377a70e2645fefabc2924fe8ed538ebe0054d706 |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| x86_64 | |
| dia-0.94-5.4.x86_64.rpm | SHA-256: 35250b4797a728adc7aabdd76ed598b6977bd30a07fd5786b1013ca1a6fac23c |
| ia64 | |
| dia-0.94-5.4.ia64.rpm | SHA-256: d775e7243acb6daed4b9345da9c46187554a4efcd3bac07977f7edf9d1d683ed |
| i386 | |
| dia-0.94-5.4.i386.rpm | SHA-256: 63a8852e5da31d09e1e316b4377a70e2645fefabc2924fe8ed538ebe0054d706 |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| x86_64 | |
| dia-0.94-5.4.x86_64.rpm | SHA-256: 35250b4797a728adc7aabdd76ed598b6977bd30a07fd5786b1013ca1a6fac23c |
| i386 | |
| dia-0.94-5.4.i386.rpm | SHA-256: 63a8852e5da31d09e1e316b4377a70e2645fefabc2924fe8ed538ebe0054d706 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| s390x | |
| dia-0.94-5.4.s390x.rpm | SHA-256: 80f599f371a06ede5c70911b9359e4a447720125d62dd043587b4dc74c1e1b5c |
| s390 | |
| dia-0.94-5.4.s390.rpm | SHA-256: c6c8a8b65fc4ef1689ca388eca024225ca8d4abdd856264f780b8da7e6a5ee57 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| ppc | |
| dia-0.94-5.4.ppc.rpm | SHA-256: 2711b3d4295cf370cba15d107c9fed47e2120eeacb6c87090935030df2a1913e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.