[40591] in bugtraq

home help back first fref pref prev next nref lref last post

[USN-193-1] dia vulnerability

daemon@ATHENA.MIT.EDU (Martin Pitt)
Tue Oct 4 16:57:14 2005

Date: Tue, 4 Oct 2005 14:20:20 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20051004122020.GA18716@piware.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="bp/iNruPH9dso1Pn"
Content-Disposition: inline


--bp/iNruPH9dso1Pn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-193-1	   October 04, 2005
dia vulnerability
CAN-2005-2966
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

dia-common

The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.1.  After a standard system upgrade you have
to restart dia to effect the necessary changes.

Details follow:

Joxean Koret discovered that the SVG import plugin did not properly
sanitise data read from an SVG file. By tricking an user into opening
a specially crafted SVG file, an attacker could exploit this to
execute arbitrary code with the privileges of the user.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.1.diff.gz
      Size/MD5:    14159 e9704dd46e24cb3cd11874a499692b6e
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.1.dsc
      Size/MD5:     1408 9d47820c11fde0876377ec119bdd6a7e
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5ubuntu1.1_all.deb
      Size/MD5:  2148620 255d09ecefe04651433da82730b2b17d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.1_amd64.deb
      Size/MD5:   194718 c8d54ed3e5ac7a0cc006a951e08be9d0
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.1_amd64.deb
      Size/MD5:   658936 b80672bede2ca8081017f0a9dc70a483
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.1_amd64.deb
      Size/MD5:   193040 ed010c5c285236d0306f3faf1a31142d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.1_i386.deb
      Size/MD5:   176774 dbfd08f4eb1a3ac2c03708f642e0b669
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.1_i386.deb
      Size/MD5:   579934 2f8e713d629000abccb740c17e108b01
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.1_i386.deb
      Size/MD5:   175298 2b760f4256be15ee369b300dc46d6d94

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.1_powerpc.deb
      Size/MD5:   184416 1f3ee515f8addd2716141de23dc66833
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.1_powerpc.deb
      Size/MD5:   674436 7988c9c44120c67552248aedb5129b67
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.1_powerpc.deb
      Size/MD5:   182920 411970ed6af036ebd895b7f8659f9944

--bp/iNruPH9dso1Pn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDQnOEDecnbV4Fd/IRAkJYAKCgm2eI4zYjaD+j5mY7/3NPjVWKbwCfeJaw
c1cv8h3F98I6NyzGU2D69/A=
=+ySx
-----END PGP SIGNATURE-----

--bp/iNruPH9dso1Pn--
home help back first fref pref prev next nref lref last post