GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Jun 07, 2006 7:26 pm Post subject: [ GLSA 200606-03 ] Dia: Format string vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: Dia: Format string vulnerabilities (GLSA 200606-03)
Severity: normal
Exploitable: remote
Date: June 07, 2006
Bug(s): #133699
ID: 200606-03
Synopsis
Format string vulnerabilities in Dia may lead to the execution of arbitrary code.
Background
Dia is a GTK+ based diagram creation program.
Affected Packages
Package: app-office/dia
Vulnerable: < 0.95.1
Unaffected: >= 0.95.1
Architectures: All supported architectures
Description
KaDaL-X discovered a format string error within the handling of filenames. Hans de Goede also discovered several other format string errors in the processing of dia files.
Impact
By enticing a user to open a specially crafted file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Dia users should upgrade to the latest available version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1" |
References
CVE-2006-2453
CVE-2006-2480 |
|