dia security update

2006-05-0317:52:34

CentOS Project

lists.centos.org

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.8%

JSON

CentOS Errata and Security Advisory CESA-2006:0280

The Dia drawing program is designed to draw various types of diagrams.

infamous41md discovered three buffer overflow bugs in Dia’s xfig file
format importer. If an attacker is able to trick a Dia user into opening a
carefully crafted xfig file, it may be possible to execute arbitrary code
as the user running Dia. (CVE-2006-1550)

Users of Dia should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-May/075026.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075031.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075034.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075041.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075042.html

Affected packages:
dia

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0280

OSVersionArchitecturePackageVersionFilename
CentOS4ia64dia< 0.94-5.4dia-0.94-5.4.ia64.rpm
CentOS4alphadia< 0.94-5.4dia-0.94-5.4.alpha.rpm
CentOS4s390dia< 0.94-5.4dia-0.94-5.4.s390.rpm
CentOS4s390xdia< 0.94-5.4dia-0.94-5.4.s390x.rpm
CentOS4x86_64dia< 0.94-5.4dia-0.94-5.4.x86_64.rpm
CentOS4i386dia< 0.94-5.4dia-0.94-5.4.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	4	ia64	dia	< 0.94-5.4	dia-0.94-5.4.ia64.rpm
CentOS	4	alpha	dia	< 0.94-5.4	dia-0.94-5.4.alpha.rpm
CentOS	4	s390	dia	< 0.94-5.4	dia-0.94-5.4.s390.rpm
CentOS	4	s390x	dia	< 0.94-5.4	dia-0.94-5.4.s390x.rpm
CentOS	4	x86_64	dia	< 0.94-5.4	dia-0.94-5.4.x86_64.rpm
CentOS	4	i386	dia	< 0.94-5.4	dia-0.94-5.4.i386.rpm