Security Advisory dia security update

Advisory: RHSA-2006:0280-8
Type: Security Advisory
Severity: Moderate
Issued on: 2006-05-03
Last updated on: 2006-05-03
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-1550

Details

An updated Dia package that fixes several buffer overflow bugs are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Dia drawing program is designed to draw various types of diagrams.

infamous41md discovered three buffer overflow bugs in Dia's xfig file
format importer. If an attacker is able to trick a Dia user into opening a
carefully crafted xfig file, it may be possible to execute arbitrary code
as the user running Dia. (CVE-2006-1550)

Users of Dia should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
dia-0.94-5.4.src.rpm
File outdated by:  RHBA-2007:0393		     97d5aaa13d19483c21cbc329dc00001b
 
IA-32:
dia-0.94-5.4.i386.rpm
File outdated by:  RHBA-2007:0393		     6ee8860a0ba1fb695198f9562f422473
 
x86_64:
dia-0.94-5.4.x86_64.rpm
File outdated by:  RHBA-2007:0393		     3fac8491faa94d85be7b13e9d16ad1fb
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
dia-0.88.1-3.3.src.rpm     a2bcfd1db5b67912d03cc8377d0efa4e
 
IA-32:
dia-0.88.1-3.3.i386.rpm     3a1e3f98594ec1039dbcc4055d2d6426
 
IA-64:
dia-0.88.1-3.3.ia64.rpm     f0fc2b254fcabcf6aa4e8e0ea94f02f9
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
dia-0.94-5.4.src.rpm
File outdated by:  RHBA-2007:0393		     97d5aaa13d19483c21cbc329dc00001b
 
IA-32:
dia-0.94-5.4.i386.rpm
File outdated by:  RHBA-2007:0393		     6ee8860a0ba1fb695198f9562f422473
 
IA-64:
dia-0.94-5.4.ia64.rpm
File outdated by:  RHBA-2007:0393		     03205912eecd5ae3f2d65f91769593a3
 
PPC:
dia-0.94-5.4.ppc.rpm
File outdated by:  RHBA-2007:0393		     af35c1218f2bede5aa806b8a335b2715
 
s390:
dia-0.94-5.4.s390.rpm
File outdated by:  RHBA-2007:0393		     c59cce80c5e6b5a3f0564abe61098156
 
s390x:
dia-0.94-5.4.s390x.rpm
File outdated by:  RHBA-2007:0393		     25656c7e6ab95af3f159bd25f8002627
 
x86_64:
dia-0.94-5.4.x86_64.rpm
File outdated by:  RHBA-2007:0393		     3fac8491faa94d85be7b13e9d16ad1fb
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
dia-0.88.1-3.3.src.rpm     a2bcfd1db5b67912d03cc8377d0efa4e
 
IA-32:
dia-0.88.1-3.3.i386.rpm     3a1e3f98594ec1039dbcc4055d2d6426
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
dia-0.94-5.4.src.rpm
File outdated by:  RHBA-2007:0393		     97d5aaa13d19483c21cbc329dc00001b
 
IA-32:
dia-0.94-5.4.i386.rpm
File outdated by:  RHBA-2007:0393		     6ee8860a0ba1fb695198f9562f422473
 
IA-64:
dia-0.94-5.4.ia64.rpm
File outdated by:  RHBA-2007:0393		     03205912eecd5ae3f2d65f91769593a3
 
x86_64:
dia-0.94-5.4.x86_64.rpm
File outdated by:  RHBA-2007:0393		     3fac8491faa94d85be7b13e9d16ad1fb
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
dia-0.88.1-3.3.src.rpm     a2bcfd1db5b67912d03cc8377d0efa4e
 
IA-32:
dia-0.88.1-3.3.i386.rpm     3a1e3f98594ec1039dbcc4055d2d6426
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
dia-0.94-5.4.src.rpm
File outdated by:  RHBA-2007:0393		     97d5aaa13d19483c21cbc329dc00001b
 
IA-32:
dia-0.94-5.4.i386.rpm
File outdated by:  RHBA-2007:0393		     6ee8860a0ba1fb695198f9562f422473
 
IA-64:
dia-0.94-5.4.ia64.rpm
File outdated by:  RHBA-2007:0393		     03205912eecd5ae3f2d65f91769593a3
 
x86_64:
dia-0.94-5.4.x86_64.rpm
File outdated by:  RHBA-2007:0393		     3fac8491faa94d85be7b13e9d16ad1fb
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
dia-0.88.1-3.3.src.rpm     a2bcfd1db5b67912d03cc8377d0efa4e
 
IA-64:
dia-0.88.1-3.3.ia64.rpm     f0fc2b254fcabcf6aa4e8e0ea94f02f9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

187401 - CVE-2006-1550 Dia multiple buffer overflows


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/