MDKSA-2006:093
- Package name: dia
- Date: 2006-05-30
- Advisory ID: MDKSA-2006:093
- Affected versions: CS3.0 i586, 2006.0 i586, 2006.0 x86_64, CS3.0 x86_64
Problem description
A format string vulnerability in Dia allows user-complicit
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by triggering errors or warnings, as demonstrated via
format string specifiers in a .bmp filename. NOTE: the original
exploit was demonstrated through a command line argument, but there
are other input mechanisms that are automatically processed by Dia,
such as a crafted .dia file. (CVE-2006-2480)
Multiple unspecified format string vulnerabilities in Dia have
unspecified impact and attack vectors, a different set of issues
than CVE-2006-2480. (CVE-2006-2453)
Packages have been patched to correct these issues.
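The bug class described above, as an added C example (not Dia's code and not part of the advisory): a printf-style warning helper receives a message built from a file name as its format string, shown next to the corrected call. The names `report_warning`, `warn_open_failed_unsafe`, `warn_open_failed_safe` and the sample file name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style warning helper; formats the message into out. */
static int report_warning(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: text containing the file name becomes the format
 * string, so any '%' sequence in the name is interpreted as a conversion. */
int warn_open_failed_unsafe(char *out, size_t n, const char *filename)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Couldn't open: %s", filename);
    return report_warning(out, n, msg);
}

/* Corrected pattern: constant format, file name passed only as data. */
int warn_open_failed_safe(char *out, size_t n, const char *filename)
{
    return report_warning(out, n, "Couldn't open: %s", filename);
}

int main(void)
{
    /* Constructed sample name; "%%" is the one sequence that needs no
     * argument, so the difference is observable with defined behaviour. */
    const char *name = "scan_100%%.bmp";
    char a[128], b[128];

    warn_open_failed_unsafe(a, sizeof a, name);
    warn_open_failed_safe(b, sizeof b, name);
    printf("unsafe: %s\n", a);
    printf("safe:   %s\n", b);
    return 0;
}
```

Declaring the helper with `__attribute__((format(printf, 3, 4)))` lets GCC's `-Wformat-security` flag the unsafe call at compile time.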
Updated packages
CS3.0 i586
14773513eee38d6a2ef7c162fedfc0b9 corporate/3.0/RPMS/dia-0.92.2-2.3.C30mdk.i586.rpm
60df291bbe184fdd06564147555eb0e4 corporate/3.0/SRPMS/dia-0.92.2-2.3.C30mdk.src.rpm
2006.0 i586
25f39bc046f44931e37df109581e87b9 2006.0/RPMS/dia-0.94-6.4.20060mdk.i586.rpm
f19385acd5189ebc01114fc225fd9320 2006.0/SRPMS/dia-0.94-6.4.20060mdk.src.rpm
2006.0 x86_64
924a511192a32723ccc93121694b224b x86_64/2006.0/RPMS/dia-0.94-6.4.20060mdk.x86_64.rpm
f19385acd5189ebc01114fc225fd9320 x86_64/2006.0/SRPMS/dia-0.94-6.4.20060mdk.src.rpm
CS3.0 x86_64
3df4b2245403861a7b36c6acaa056ac7 x86_64/corporate/3.0/RPMS/dia-0.92.2-2.3.C30mdk.x86_64.rpm
60df291bbe184fdd06564147555eb0e4 x86_64/corporate/3.0/SRPMS/dia-0.92.2-2.3.C30mdk.src.rpm
