Bug 190942
Summary: CVE-2006-1550 Dia multiple buffer overflows and string format vulnerabilities (CVE-2005-2966, CVE-2006-2480, CVE-2006-2453)

| Field | Value | Field | Value |
|---|---|---|---|
| Product: | [Retired] Fedora Legacy | Reporter: | Marc Deslauriers <marc.deslauriers> |
| Component: | dia | Assignee: | Fedora Legacy Bugs <bugs> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | deisenst, pekkas |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | impact=moderate, LEGACY, rh73, rh9, 1, 2, 3, NEEDSWORK | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2007-08-30 20:00:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 192699, 192830 | | |
| Bug Blocks: | | | |
Description
Marc Deslauriers
2006-05-06 22:06:43 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA.

7f2630052615cad2e86dce113fb09a8fbdf15064 7.3/dia-0.88.1-3.1.legacy.src.rpm
f24bb78d953e4a818528fe582d8c985d36f5d4d4 9/dia-0.90-11.1.legacy.src.rpm
60d8615212e807dd9579317b74046483eb850496 1/dia-0.92.2-1.1.legacy.src.rpm
ca3212f3c249d5ba8ed4e969428d98a38b265533 2/dia-0.92.2-3.1.1.legacy.src.rpm
0736cf8804b65194e12dcd87cd897ef446234cdb 3/dia-0.94-5.fc3.1.legacy.src.rpm

Downloads:
http://www.infostrategique.com/linuxrpms/legacy/7.3/dia-0.88.1-3.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/dia-0.90-11.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/dia-0.92.2-1.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/dia-0.92.2-3.1.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/dia-0.94-5.fc3.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEXWuALMAs/0C4zNoRAvyjAJ9ESKsU0KOTguO+uX3GHOpQwyAfFwCfXB50
OQLO9l0xn9bOq9vI1208/Ew=
=YxKR
-----END PGP SIGNATURE-----

Two questions:
- In RHL9, the patch appears to be commented out? Does this package need to be re-spun, or can this be fixed at build time?
- Are we affected by CVE-2005-2966? RHEL hasn't patched it at least, and bugzilla search is not working properly so I can't check whether there is a bz# for it.

Other than that, looks good.

Argh... thanks for noticing the commented-out patch in rh9... You're right. Looks like we're affected by CVE-2005-2966. I can't find a bugzilla entry for it for RHEL either, but Debian has a patch we can use. I'll respin these.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330890
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3.diff.gz

*** Bug 188108 has been marked as a duplicate of this bug. ***

Looks like there are more potential issues with dia than the CVE-2006-1550 issue addressed by this bugzilla ticket.

Hans de Goede of the Fedora Security project has fixed two format string vulnerabilities for the FE5 version of dia for two new CVEs:

* CVE-2006-2480 - "Format string vulnerability in Dia 0.94 allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms inputs that are automatically processed by Dia, such as a crafted .dia file." (See Bug #192535 for FE5; and Bug #192538 & Bug #192699 for FC4.)
* CVE-2006-2453 - Additional dia format string flaws ("** RESERVED ** This candidate has been reserved ... yada yada yada"). (See Bug #192830 for FE5, and Bug #192699 for FC4.)

I haven't checked the code yet, but I imagine if there are string format vulnerabilities in dia, they've been there for a long time, and therefore fixes for CVE-2006-2453 and CVE-2006-2480 could be backported...

Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.
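The CVE-2006-2480 description quoted above (conversion directives carried in a filename that later reaches a printf-style error or warning routine) is the pattern the FE5/FC4 fixes address. The C below is an added illustration for readers, not code from dia, from the Fedora Legacy packages or from the patches discussed in this ticket: it shows the hardened shape, where the untrusted filename is always an argument to a fixed "%s" format, plus a small audit helper that counts unescaped directives in a name so a reviewer or a log filter can flag suspicious inputs. Function names and the sample filenames are my own.

```c
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable shape behind CVE-2006-2480, shown only as a comment and never
 * compiled here: the untrusted filename *is* the format string, so any
 * '%' directives in it are interpreted by the message routine.
 *
 *     g_warning(filename);        or        fprintf(stderr, filename);
 *
 * Hardened shape (below): the filename is an argument to a fixed format.
 */

/* Hypothetical audit helper (not from dia): count unescaped '%' directives
 * in an untrusted string. "%%" is a literal percent sign and is skipped.
 * Every other '%' is counted without parsing flags or widths, so the count
 * is conservative: it may over-count an odd name but never misses a
 * directive. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped "%%": literal, skip both */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened diagnostic: the untrusted filename is always a %s argument and
 * is reproduced verbatim in the message. Returns what snprintf returns
 * (the length the full message would have had). */
int safe_file_message(char *out, size_t outlen, const char *verb,
                      const char *filename)
{
    return snprintf(out, outlen, "%s: %s", verb, filename);
}

/* Check used by the tests: format into a local buffer and compare with the
 * expected text. Returns 1 on an exact match, 0 otherwise. */
int message_equals(const char *verb, const char *filename,
                   const char *expected)
{
    char buf[256];
    safe_file_message(buf, sizeof buf, verb, filename);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample filenames: a benign one, one with an escaped
     * percent sign, and one carrying three directives. */
    const char *names[] = { "diagram.bmp", "100%%done.bmp", "x%n%n%s.bmp" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char buf[256];
        safe_file_message(buf, sizeof buf, "Could not open", names[i]);
        printf("%s  (directives in name: %zu)\n",
               buf, count_format_directives(names[i]));
    }
    return 0;
}
```

Building the real code with `-Wformat-security` (GCC) turns the vulnerable shape in the comment into a compiler warning, which is the cheapest way to find remaining instances when backporting fixes of this kind.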