Test ID:	1.3.6.1.4.1.25623.1.0.56561
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-266-1 (dia)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to dia announced via advisory USN-266-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: dia dia-gnome dia-libs Three buffer overflows were discovered in the Xfig file format importer. By tricking a user into opening a specially crafted .fig file with dia, an attacker could exploit this to execute arbitrary code with the user's privileges. Solution: The problem can be corrected by upgrading the affected package to version 0.93-4ubuntu2.1 (for Ubuntu 4.10), 0.94.0-5ubuntu1.2 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-266-1 Risk factor : High CVSS Score: 7.6
Cross-Ref:	BugTraq ID: 17310 Common Vulnerability Exposure (CVE) ID: CVE-2006-1550 1015853 http://securitytracker.com/id?1015853 17310 http://www.securityfocus.com/bid/17310 19469 http://secunia.com/advisories/19469 19505 http://secunia.com/advisories/19505 19507 http://secunia.com/advisories/19507 19543 http://secunia.com/advisories/19543 19546 http://secunia.com/advisories/19546 19765 http://secunia.com/advisories/19765 19897 http://secunia.com/advisories/19897 19959 http://secunia.com/advisories/19959 20060329 Buffer overflows in Dia XFig import http://www.securityfocus.com/archive/1/429357/100/0/threaded DSA-1025 http://www.debian.org/security/2006/dsa-1025 FEDORA-2006-261 http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00021.html GLSA-200604-14 http://www.gentoo.org/security/en/glsa/glsa-200604-14.xml MDKSA-2006:062 http://www.mandriva.com/security/advisories?name=MDKSA-2006:062 RHSA-2006:0280 http://www.redhat.com/support/errata/RHSA-2006-0280.html SUSE-SR:2006:009 http://www.novell.com/linux/security/advisories/2006_04_28.html USN-266-1 https://usn.ubuntu.com/266-1/ [dia-list] 20060329 Vulnerability in xfig import code http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html diaxfig-xfig-import-bo(25566) https://exchange.xforce.ibmcloud.com/vulnerabilities/25566 oval:org.mitre.oval:def:10361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10361
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.