Security Advisory dia security update

Advisory: RHSA-2006:0541-3
Type: Security Advisory
Severity: Moderate
Issued on: 2006-06-01
Last updated on: 2006-06-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-2453
CVE-2006-2480

Details

Updated Dia packages that fix several buffer overflow bugs are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Dia drawing program is designed to draw various types of diagrams.

Several format string flaws were found in the way dia displays certain
messages. If an attacker is able to trick a Dia user into opening a
carefully crafted file, it may be possible to execute arbitrary code as the
user running Dia. (CVE-2006-2453, CVE-2006-2480)

Users of Dia should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
dia-0.94-5.7.1.src.rpm     d55df9a68f2c56a994dd8f71aee11380
 
IA-32:
dia-0.94-5.7.1.i386.rpm
File outdated by:  RHBA-2007:0393		     bc2e13813b8131cd8ea6dcdab910ed15
 
x86_64:
dia-0.94-5.7.1.x86_64.rpm
File outdated by:  RHBA-2007:0393		     8f0f6342f2c3fcb6cbd07ff8a0887ac8
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
dia-0.94-5.7.1.src.rpm     d55df9a68f2c56a994dd8f71aee11380
 
IA-32:
dia-0.94-5.7.1.i386.rpm
File outdated by:  RHBA-2007:0393		     bc2e13813b8131cd8ea6dcdab910ed15
 
IA-64:
dia-0.94-5.7.1.ia64.rpm
File outdated by:  RHBA-2007:0393		     46e39c3112958e964d3aee06c5ec0562
 
PPC:
dia-0.94-5.7.1.ppc.rpm
File outdated by:  RHBA-2007:0393		     c468d0fda6ef02ef7ed3706701b5ef80
 
s390:
dia-0.94-5.7.1.s390.rpm
File outdated by:  RHBA-2007:0393		     fb8026ab24b596855a59552f78efcc44
 
s390x:
dia-0.94-5.7.1.s390x.rpm
File outdated by:  RHBA-2007:0393		     aa3cd319dac56c3b8f423cda410eef53
 
x86_64:
dia-0.94-5.7.1.x86_64.rpm
File outdated by:  RHBA-2007:0393		     8f0f6342f2c3fcb6cbd07ff8a0887ac8
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
dia-0.94-5.7.1.src.rpm     d55df9a68f2c56a994dd8f71aee11380
 
IA-32:
dia-0.94-5.7.1.i386.rpm
File outdated by:  RHBA-2007:0393		     bc2e13813b8131cd8ea6dcdab910ed15
 
IA-64:
dia-0.94-5.7.1.ia64.rpm
File outdated by:  RHBA-2007:0393		     46e39c3112958e964d3aee06c5ec0562
 
x86_64:
dia-0.94-5.7.1.x86_64.rpm
File outdated by:  RHBA-2007:0393		     8f0f6342f2c3fcb6cbd07ff8a0887ac8
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
dia-0.94-5.7.1.src.rpm     d55df9a68f2c56a994dd8f71aee11380
 
IA-32:
dia-0.94-5.7.1.i386.rpm
File outdated by:  RHBA-2007:0393		     bc2e13813b8131cd8ea6dcdab910ed15
 
IA-64:
dia-0.94-5.7.1.ia64.rpm
File outdated by:  RHBA-2007:0393		     46e39c3112958e964d3aee06c5ec0562
 
x86_64:
dia-0.94-5.7.1.x86_64.rpm
File outdated by:  RHBA-2007:0393		     8f0f6342f2c3fcb6cbd07ff8a0887ac8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

192698 - CVE-2006-2480 Dia format string issue (CVE-2006-2453)


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/