|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-286-1 (dia)|
|Summary:||Ubuntu USN-286-1 (dia)|
The remote host is missing an update to dia
announced via advisory USN-286-1.
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected: dia dia-gnome
Several format string vulnerabilities have been discovered in dia. By
tricking a user into opening a specially crafted dia file, or a
file with a specially crafted name, this could be exploited to execute
arbitrary code with the user's privileges.
The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2
(for Ubuntu 5.10). After doing a standard system upgrade you need to
restart dia to effect the necessary changes.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2006-2453|
SuSE Security Announcement: SUSE-SR:2006:012 (Google Search)
BugTraq ID: 18166
Common Vulnerability Exposure (CVE) ID: CVE-2006-2480
BugTraq ID: 18078
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.