(Red Hat Issues Fix) Dia Buffer Overflows in XFig Import Plugin May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1016026
|
|
SecurityTracker URL: http://securitytracker.com/id?1016026
|
|
CVE Reference: CVE-2006-1550
(Links to External Site)
|
Date: May 3 2006
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Red Hat Advisory
|
Version(s): 0.87 through 0.94; also prior to 0.95-pre6
|
Description: A vulnerability was reported in Dia. A remote user can cause arbitrary code to be executed on the target user's system.
The XFig import plug-in contains several buffer overflows. A remote user can create a specially crafted XFig file that, when loaded
by the target user, can cause arbitrary code to be executed on the target user's system.
infamous41md discovered this vulnerability
during a code review.
|
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: Red Hat has released a fix.
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/dia-0.88.1-3.3.s
rc.rpm
a2bcfd1db5b67912d03cc8377d0efa4e dia-0.88.1-3.3.src.rpm
i386:
3a1e3f98594ec1039dbcc4055d2d6426 dia-0.88.1-3.3.i386.rpm
ia64:
f0fc2b254fcabcf6aa4e8e0ea94
f02f9 dia-0.88.1-3.3.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/dia-0.88.1-3.3.src.rpm
a2bcfd1
db5b67912d03cc8377d0efa4e dia-0.88.1-3.3.src.rpm
ia64:
f0fc2b254fcabcf6aa4e8e0ea94f02f9 dia-0.88.1-3.3.ia64.rpm
Red Hat
Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/dia-0.88.1-3.3.src.rpm
a2bcfd1db5b67912d03cc8377d0efa4e
dia-0.88.1-3.3.src.rpm
i386:
3a1e3f98594ec1039dbcc4055d2d6426 dia-0.88.1-3.3.i386.rpm
Red Hat Enterprise Linux WS version
2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/dia-0.88.1-3.3.src.rpm
a2bcfd1db5b67912d03cc8377d0efa4e
dia-0.88.1-3.3.src.rpm
i386:
3a1e3f98594ec1039dbcc4055d2d6426 dia-0.88.1-3.3.i386.rpm
Red Hat Enterprise Linux AS version
4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695
198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
ia64:
03205912eecd5ae3f2d65f91769593a3
dia-0.94-5.4.ia64.rpm
e572ed6ba3b0d936cc38c0de14ebae88 dia-debuginfo-0.94-5.4.ia64.rpm
ppc:
af35c1218f2bede5aa806b8a335b2715
dia-0.94-5.4.ppc.rpm
e93f1a08b58a636e8e55a538776d2d52 dia-debuginfo-0.94-5.4.ppc.rpm
s390:
c59cce80c5e6b5a3f0564abe61098156
dia-0.94-5.4.s390.rpm
03159e17a741914c405d88ae6b5dea43 dia-debuginfo-0.94-5.4.s390.rpm
s390x:
25656c7e6ab95af3f159bd25f8002627
dia-0.94-5.4.s390x.rpm
82df44848401aa6fcb162b3a874aff55 dia-debuginfo-0.94-5.4.s390x.rpm
x86_64:
3fac8491faa94d85be7b13e9d16ad1fb
dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
Red Hat Enterprise Linux Desktop
version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b
dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
x86_64:
3fa
c8491faa94d85be7b13e9d16ad1fb dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
Red
Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b
dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
ia64:
03205
912eecd5ae3f2d65f91769593a3 dia-0.94-5.4.ia64.rpm
e572ed6ba3b0d936cc38c0de14ebae88 dia-debuginfo-0.94-5.4.ia64.rpm
x86_64:
3fac8491faa94d85be7b13e9d16ad1fb
dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
Red Hat Enterprise Linux WS version
4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695
198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
ia64:
03205912eecd5ae3f2d65f91769593a3
dia-0.94-5.4.ia64.rpm
e572ed6ba3b0d936cc38c0de14ebae88 dia-debuginfo-0.94-5.4.ia64.rpm
x86_64:
3fac8491faa94d85be7b13e9d16ad1fb
dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
The Red Hat advisory is available
at:
https://rhn.redhat.com/errata/RHSA-2006-0280.html
|
Vendor URL: www.gnome.org/projects/dia/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Red Hat Enterprise)
|
Underlying OS Comments: 2.1, 3, 4
|
Reported By: bugzilla@redhat.com
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 3 May 2006 12:07:08 -0400
From: bugzilla@redhat.com
Subject: [RHSA-2006:0280-01] Moderate: dia security update
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: dia security update
Advisory ID: RHSA-2006:0280-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0280.html
Issue date: 2006-05-03
Updated on: 2006-05-03
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1550
- ---------------------------------------------------------------------
1. Summary:
An updated Dia package that fixes several buffer overflow bugs are now
available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The Dia drawing program is designed to draw various types of diagrams.
infamous41md discovered three buffer overflow bugs in Dia's xfig file
format importer. If an attacker is able to trick a Dia user into opening a
carefully crafted xfig file, it may be possible to execute arbitrary code
as the user running Dia. (CVE-2006-1550)
Users of Dia should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
187401 - CVE-2006-1550 Dia multiple buffer overflows
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/dia-0.88.1-3.3.src.rpm
a2bcfd1db5b67912d03cc8377d0efa4e dia-0.88.1-3.3.src.rpm
i386:
3a1e3f98594ec1039dbcc4055d2d6426 dia-0.88.1-3.3.i386.rpm
ia64:
f0fc2b254fcabcf6aa4e8e0ea94f02f9 dia-0.88.1-3.3.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/dia-0.88.1-3.3.src.rpm
a2bcfd1db5b67912d03cc8377d0efa4e dia-0.88.1-3.3.src.rpm
ia64:
f0fc2b254fcabcf6aa4e8e0ea94f02f9 dia-0.88.1-3.3.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/dia-0.88.1-3.3.src.rpm
a2bcfd1db5b67912d03cc8377d0efa4e dia-0.88.1-3.3.src.rpm
i386:
3a1e3f98594ec1039dbcc4055d2d6426 dia-0.88.1-3.3.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/dia-0.88.1-3.3.src.rpm
a2bcfd1db5b67912d03cc8377d0efa4e dia-0.88.1-3.3.src.rpm
i386:
3a1e3f98594ec1039dbcc4055d2d6426 dia-0.88.1-3.3.i386.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
ia64:
03205912eecd5ae3f2d65f91769593a3 dia-0.94-5.4.ia64.rpm
e572ed6ba3b0d936cc38c0de14ebae88 dia-debuginfo-0.94-5.4.ia64.rpm
ppc:
af35c1218f2bede5aa806b8a335b2715 dia-0.94-5.4.ppc.rpm
e93f1a08b58a636e8e55a538776d2d52 dia-debuginfo-0.94-5.4.ppc.rpm
s390:
c59cce80c5e6b5a3f0564abe61098156 dia-0.94-5.4.s390.rpm
03159e17a741914c405d88ae6b5dea43 dia-debuginfo-0.94-5.4.s390.rpm
s390x:
25656c7e6ab95af3f159bd25f8002627 dia-0.94-5.4.s390x.rpm
82df44848401aa6fcb162b3a874aff55 dia-debuginfo-0.94-5.4.s390x.rpm
x86_64:
3fac8491faa94d85be7b13e9d16ad1fb dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
x86_64:
3fac8491faa94d85be7b13e9d16ad1fb dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
ia64:
03205912eecd5ae3f2d65f91769593a3 dia-0.94-5.4.ia64.rpm
e572ed6ba3b0d936cc38c0de14ebae88 dia-debuginfo-0.94-5.4.ia64.rpm
x86_64:
3fac8491faa94d85be7b13e9d16ad1fb dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dia-0.94-5.4.src.rpm
97d5aaa13d19483c21cbc329dc00001b dia-0.94-5.4.src.rpm
i386:
6ee8860a0ba1fb695198f9562f422473 dia-0.94-5.4.i386.rpm
04f3ac7cb40626b4836dfd4a45135276 dia-debuginfo-0.94-5.4.i386.rpm
ia64:
03205912eecd5ae3f2d65f91769593a3 dia-0.94-5.4.ia64.rpm
e572ed6ba3b0d936cc38c0de14ebae88 dia-debuginfo-0.94-5.4.ia64.rpm
x86_64:
3fac8491faa94d85be7b13e9d16ad1fb dia-0.94-5.4.x86_64.rpm
3e41ac343a6fcb2c589863020ecbe139 dia-debuginfo-0.94-5.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFEWNUeXlSAg2UNWIIRAq3EAKCwMzbOQUEckglx4TnoL8HBSvlOewCgvUKF
s9Jero0HmRGVDAc3Dpb9BAE=
=fOgR
-----END PGP SIGNATURE-----
--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
