Test ID:	1.3.6.1.4.1.25623.1.0.56630
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2006:0280
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2006:0280. The Dia drawing program is designed to draw various types of diagrams. infamous41md discovered three buffer overflow bugs in Dia's xfig file format importer. If an attacker is able to trick a Dia user into opening a carefully crafted xfig file, it may be possible to execute arbitrary code as the user running Dia. (CVE-2006-1550) Users of Dia should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0280.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.6
Cross-Ref:	BugTraq ID: 17310 Common Vulnerability Exposure (CVE) ID: CVE-2006-1550 1015853 http://securitytracker.com/id?1015853 17310 http://www.securityfocus.com/bid/17310 19469 http://secunia.com/advisories/19469 19505 http://secunia.com/advisories/19505 19507 http://secunia.com/advisories/19507 19543 http://secunia.com/advisories/19543 19546 http://secunia.com/advisories/19546 19765 http://secunia.com/advisories/19765 19897 http://secunia.com/advisories/19897 19959 http://secunia.com/advisories/19959 20060329 Buffer overflows in Dia XFig import http://www.securityfocus.com/archive/1/429357/100/0/threaded DSA-1025 http://www.debian.org/security/2006/dsa-1025 FEDORA-2006-261 http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00021.html GLSA-200604-14 http://www.gentoo.org/security/en/glsa/glsa-200604-14.xml MDKSA-2006:062 http://www.mandriva.com/security/advisories?name=MDKSA-2006:062 RHSA-2006:0280 http://www.redhat.com/support/errata/RHSA-2006-0280.html SUSE-SR:2006:009 http://www.novell.com/linux/security/advisories/2006_04_28.html USN-266-1 https://usn.ubuntu.com/266-1/ [dia-list] 20060329 Vulnerability in xfig import code http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html diaxfig-xfig-import-bo(25566) https://exchange.xforce.ibmcloud.com/vulnerabilities/25566 oval:org.mitre.oval:def:10361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10361
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.