MDKSA-2006:062

Package name

dia

Date

2006-04-03

Advisory ID

MDKSA-2006:062

Affected versions

CS3.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64

Problem description

Three buffer overflows were discovered by infamous41md in dia's xfig
import code. This could allow for user-complicit attackers to have
an unknown impact via a crafted xfig file, possibly involving an
invalid color index, number of points, or depth.

Updated packages have been patched to correct this issue.

Updated packages

CS3.0 i586

 0d44c1c3c4a7c966ca09a3978f3b0daa  corporate/3.0/RPMS/dia-0.92.2-2.1.C30mdk.i586.rpm
 a4e4380967348069ceb7fed48031f2ac  corporate/3.0/SRPMS/dia-0.92.2-2.1.C30mdk.src.rpm

2006.0 i586

 61ff8ad07d0c6760910233f6eee3043d  2006.0/RPMS/dia-0.94-6.2.20060mdk.i586.rpm
 b64fa9e7edd3252d653a7d97f46ed35a  2006.0/SRPMS/dia-0.94-6.2.20060mdk.src.rpm

2006.0 x86_64

 91bde989f261feaaba0e3e7a6504a17d  x86_64/2006.0/RPMS/dia-0.94-6.2.20060mdk.x86_64.rpm
 b64fa9e7edd3252d653a7d97f46ed35a  x86_64/2006.0/SRPMS/dia-0.94-6.2.20060mdk.src.rpm

CS3.0 x86_64

 3d5efe348829f4d108ff3b6132a0020b  x86_64/corporate/3.0/RPMS/dia-0.92.2-2.1.C30mdk.x86_64.rpm
 a4e4380967348069ceb7fed48031f2ac  x86_64/corporate/3.0/SRPMS/dia-0.92.2-2.1.C30mdk.src.rpm

References

• http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550