Posted: Wed Jun 07, 2006 7:26 pm Post subject: [ GLSA 200606-03 ] Dia: Format string vulnerabilities
Gentoo Linux Security Advisory
Title: Dia: Format string vulnerabilities (GLSA 200606-03)
Date: June 07, 2006
Format string vulnerabilities in Dia may lead to the execution of arbitrary code.
Dia is a GTK+ based diagram creation program.
Vulnerable: < 0.95.1
Unaffected: >= 0.95.1
Architectures: All supported architectures
KaDaL-X discovered a format string error within the handling of filenames. Hans de Goede also discovered several other format string errors in the processing of dia files.
By enticing a user to open a specially crafted file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.
There is no known workaround at this time.
All Dia users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1"
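
The bug class the advisory describes for filename handling, as an added C example (not Dia's code and not part of the advisory): a hypothetical printf-style wrapper `report` is called once with the file name as the format string and once with a constant `"%s"` format. All function names and the sample file name are constructed for illustration; the sample uses only `%%`, so both calls have defined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style wrapper, not Dia's code. The format attribute
 * lets gcc/clang check every caller under -Wformat -Wformat-security. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: the file name is the format string, so any '%' in it is parsed as
 * a conversion. The warning is silenced only so this form compiles here. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int report_name_unsafe(char *out, size_t n, const char *name)
{
    return report(out, n, name);
}
#pragma GCC diagnostic pop

/* AFTER: constant format, the file name is passed as data only. */
static int report_name_safe(char *out, size_t n, const char *name)
{
    return report(out, n, "%s", name);
}

/* Constructed sample name; "%%" is its only conversion. */
static const char SAMPLE_NAME[] = "budget-100%%-final.dia";
/* Returns 1 when the rendered text is byte-identical to the file name. */
static int name_survives(int use_safe)
{
    char buf[64];
    int (*render)(char *, size_t, const char *) =
        use_safe ? report_name_safe : report_name_unsafe;
    render(buf, sizeof buf, SAMPLE_NAME);
    return strcmp(buf, SAMPLE_NAME) == 0;
}

int main(void)
{
    printf("unsafe: %d safe: %d\n", name_survives(0), name_survives(1));
    return 0;
}
```

Building with `-Wformat -Wformat-security` and without the pragma makes the compiler flag the BEFORE call at compile time.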