- Added upstream patch to avoid infinite loop on filenames with invalid encoding (CVE-2019-19451, #1778767).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1fe0e08c8d
2021-01-15 01:26:10.372585
--------------------------------------------------------------------------------

Name        : dia
Product     : Fedora 33
Version     : 0.97.3
Release     : 16.fc33
URL         : https://wiki.gnome.org/Apps/Dia
Summary     : Diagram drawing program
Description :
The Dia drawing program can be used to draw different types of diagrams, and
includes support for UML static structure diagrams (class diagrams), entity
relationship modeling, and network diagrams. Dia can load and save diagrams to
a custom file format, can load and save in .xml format, and can export to
PostScript(TM).

--------------------------------------------------------------------------------
Update Information:

- Added upstream patch to avoid infinite loop on filenames with invalid encoding (CVE-2019-19451, #1778767)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 31 2020 Robert Scheck - 1:0.97.3-16
- Added upstream patch to avoid infinite loop on filenames with invalid encoding (CVE-2019-19451, #1778767)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1778767 - CVE-2019-19451 dia: infinite loop on filenames with invalid encoding
        https://bugzilla.redhat.com/show_bug.cgi?id=1778767
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1fe0e08c8d' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

An update that fixes one vulnerability is now available.

   openSUSE Security Update: Security update for dia
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0021-1
Rating:             moderate
References:         #1158194
Cross-References:   CVE-2019-19451
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for dia fixes the following issue:

   - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).

   This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2020-21=1

Package List:

   - openSUSE Leap 15.1 (noarch):

      dia-lang-0.97.3-lp151.4.3.1

   - openSUSE Leap 15.1 (x86_64):

      dia-0.97.3-lp151.4.3.1
      dia-debuginfo-0.97.3-lp151.4.3.1
      dia-debugsource-0.97.3-lp151.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2019-19451.html
   https://bugzilla.suse.com/1158194

LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

   SUSE Security Update: Security update for dia
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:3391-1
Rating:             moderate
References:         #1158194
Cross-References:   CVE-2019-19451
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP1
                    SUSE Linux Enterprise Workstation Extension 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for dia fixes the following issue:

   - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP1:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-3391=1

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2019-3391=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

      dia-0.97.3-4.3.3
      dia-debuginfo-0.97.3-4.3.3
      dia-debugsource-0.97.3-4.3.3

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch):

      dia-lang-0.97.3-4.3.3

   - SUSE Linux Enterprise Workstation Extension 15 (noarch):

      dia-lang-0.97.3-4.3.3

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):

      dia-0.97.3-4.3.3
      dia-debuginfo-0.97.3-4.3.3
      dia-debugsource-0.97.3-4.3.3

References:

   https://www.suse.com/security/cve/CVE-2019-19451.html
   https://bugzilla.suse.com/1158194

_______________________________________________
sle-security-updates mailing list

An update that fixes one vulnerability is now available.

   SUSE Security Update: Security update for dia
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:3390-1
Rating:             moderate
References:         #1158194
Cross-References:   CVE-2019-19451
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for dia fixes the following issue:

   - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2019-3390=1

   - SUSE Linux Enterprise Workstation Extension 12-SP4:

      zypper in -t patch SUSE-SLE-WE-12-SP4-2019-3390=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-3390=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-3390=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-3390=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      dia-0.97.3-17.4.1
      dia-debuginfo-0.97.3-17.4.1
      dia-debugsource-0.97.3-17.4.1

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch):

      dia-lang-0.97.3-17.4.1

   - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch):

      dia-lang-0.97.3-17.4.1

   - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):

      dia-0.97.3-17.4.1
      dia-debuginfo-0.97.3-17.4.1
      dia-debugsource-0.97.3-17.4.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      dia-0.97.3-17.4.1
      dia-debuginfo-0.97.3-17.4.1
      dia-debugsource-0.97.3-17.4.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      dia-0.97.3-17.4.1
      dia-debuginfo-0.97.3-17.4.1
      dia-debugsource-0.97.3-17.4.1

   - SUSE Linux Enterprise Desktop 12-SP4 (noarch):

      dia-lang-0.97.3-17.4.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      dia-0.97.3-17.4.1
      dia-debuginfo-0.97.3-17.4.1
      dia-debugsource-0.97.3-17.4.1

References:

   https://www.suse.com/security/cve/CVE-2019-19451.html
   https://bugzilla.suse.com/1158194

_______________________________________________
sle-security-updates mailing list

Filter out untrusted python modules search path to remove the possibility to run arbitrary code on the user's system if there is a python file in dia's working directory named the same as one that dia's python scripts try to import.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1057
2009-01-27 00:37:49.511337
--------------------------------------------------------------------------------

Name        : dia
Product     : Fedora 9
Version     : 0.96.1
Release     : 7.fc9
URL         : https://wiki.gnome.org/Apps
Summary     : Diagram drawing program
Description :
The Dia drawing program is designed to be like the Windows(TM) Visio program.
Dia can be used to draw different types of diagrams, and includes support for
UML static structure diagrams (class diagrams), entity relationship modeling,
and network diagrams. Dia can load and save diagrams to a custom file format,
can load and save in .xml format, and can export to PostScript(TM).

--------------------------------------------------------------------------------
Update Information:

Filter out untrusted python modules search path to remove the possibility to
run arbitrary code on the user's system if there is a python file in dia's
working directory named the same as one that dia's python scripts try to
import.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 26 2009 Caolán McNamara 1:0.96.1-7
- Resolves: rhbz#481551 python modules search path
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #481551 - dia: untrusted python modules search path
        https://bugzilla.redhat.com/show_bug.cgi?id=481551
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update dia' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list

Updated Dia packages that fix several buffer overflow bugs are now available.

Date:         Wed, 7 Jun 2006 15:51:43 -0500
Reply-To:     Connie Sieh
Sender:       Security Errata for Scientific Linux
From:         Connie Sieh
Subject:      ERRATA for "dia" on SL 41 ia64 now available
Comments: To: scientific

The ERRATA for SL 41 ia64 are now available from:

Synopsis:  Updated Dia packages that fix several buffer overflow bugs are now available
Severity:  moderate
Issued on: 2006-06-01
CVEs:      CVE-2006-2480 CVE-2006-2453

SRPMS
  dia-0.94-5.7.1.src.rpm

ia-64
  dia-0.94-5.7.1.ia64.rpm

--Connie Sieh
--Jarek Polok

Updated Dia packages that fix several buffer overflow bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: dia security update
Advisory ID:       RHSA-2006:0541-02
Advisory URL:      https://access.redhat.com/errata/RHSA-2006:0541.html
Issue date:        2006-06-01
Updated on:        2006-06-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-2453 CVE-2006-2480
---------------------------------------------------------------------

1. Summary:

Updated Dia packages that fix several buffer overflow bugs are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Dia drawing program is designed to draw various types of diagrams.

Several format string flaws were found in the way dia displays certain messages. If an attacker is able to trick a Dia user into opening a carefully crafted file, it may be possible to execute arbitrary code as the user running Dia. (CVE-2006-2453, CVE-2006-2480)

Users of Dia should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

192698 - CVE-2006-2480 Dia format string issue (CVE-2006-2453)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:
  SRPMS:  dia-0.94-5.7.1.src.rpm
  i386:   dia-0.94-5.7.1.i386.rpm, dia-debuginfo-0.94-5.7.1.i386.rpm
  ia64:   dia-0.94-5.7.1.ia64.rpm, dia-debuginfo-0.94-5.7.1.ia64.rpm
  ppc:    dia-0.94-5.7.1.ppc.rpm, dia-debuginfo-0.94-5.7.1.ppc.rpm
  s390:   dia-0.94-5.7.1.s390.rpm, dia-debuginfo-0.94-5.7.1.s390.rpm
  s390x:  dia-0.94-5.7.1.s390x.rpm, dia-debuginfo-0.94-5.7.1.s390x.rpm
  x86_64: dia-0.94-5.7.1.x86_64.rpm, dia-debuginfo-0.94-5.7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:
  SRPMS:  dia-0.94-5.7.1.src.rpm
  i386:   dia-0.94-5.7.1.i386.rpm, dia-debuginfo-0.94-5.7.1.i386.rpm
  x86_64: dia-0.94-5.7.1.x86_64.rpm, dia-debuginfo-0.94-5.7.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:
  SRPMS:  dia-0.94-5.7.1.src.rpm
  i386:   dia-0.94-5.7.1.i386.rpm, dia-debuginfo-0.94-5.7.1.i386.rpm
  ia64:   dia-0.94-5.7.1.ia64.rpm, dia-debuginfo-0.94-5.7.1.ia64.rpm
  x86_64: dia-0.94-5.7.1.x86_64.rpm, dia-debuginfo-0.94-5.7.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:
  SRPMS:  dia-0.94-5.7.1.src.rpm
  i386:   dia-0.94-5.7.1.i386.rpm, dia-debuginfo-0.94-5.7.1.i386.rpm
  ia64:   dia-0.94-5.7.1.ia64.rpm, dia-debuginfo-0.94-5.7.1.ia64.rpm
  x86_64: dia-0.94-5.7.1.x86_64.rpm, dia-debuginfo-0.94-5.7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2006-2453
https://www.cve.org/CVERecord?id=CVE-2006-2480
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

An updated Dia package that fixes several buffer overflow bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: dia security update
Advisory ID:       RHSA-2006:0280-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2006:0280.html
Issue date:        2006-05-03
Updated on:        2006-05-03
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-1550
---------------------------------------------------------------------

1. Summary:

An updated Dia package that fixes several buffer overflow bugs is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Dia drawing program is designed to draw various types of diagrams.

infamous41md discovered three buffer overflow bugs in Dia's xfig file format importer. If an attacker is able to trick a Dia user into opening a carefully crafted xfig file, it may be possible to execute arbitrary code as the user running Dia. (CVE-2006-1550)

Users of Dia should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

187401 - CVE-2006-1550 Dia multiple buffer overflows

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
  SRPMS:  dia-0.88.1-3.3.src.rpm
  i386:   dia-0.88.1-3.3.i386.rpm
  ia64:   dia-0.88.1-3.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:
  SRPMS:  dia-0.88.1-3.3.src.rpm
  ia64:   dia-0.88.1-3.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:
  SRPMS:  dia-0.88.1-3.3.src.rpm
  i386:   dia-0.88.1-3.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:
  SRPMS:  dia-0.88.1-3.3.src.rpm
  i386:   dia-0.88.1-3.3.i386.rpm

Red Hat Enterprise Linux AS version 4:
  SRPMS:  dia-0.94-5.4.src.rpm
  i386:   dia-0.94-5.4.i386.rpm, dia-debuginfo-0.94-5.4.i386.rpm
  ia64:   dia-0.94-5.4.ia64.rpm, dia-debuginfo-0.94-5.4.ia64.rpm
  ppc:    dia-0.94-5.4.ppc.rpm, dia-debuginfo-0.94-5.4.ppc.rpm
  s390:   dia-0.94-5.4.s390.rpm, dia-debuginfo-0.94-5.4.s390.rpm
  s390x:  dia-0.94-5.4.s390x.rpm, dia-debuginfo-0.94-5.4.s390x.rpm
  x86_64: dia-0.94-5.4.x86_64.rpm, dia-debuginfo-0.94-5.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:
  SRPMS:  dia-0.94-5.4.src.rpm
  i386:   dia-0.94-5.4.i386.rpm, dia-debuginfo-0.94-5.4.i386.rpm
  x86_64: dia-0.94-5.4.x86_64.rpm, dia-debuginfo-0.94-5.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:
  SRPMS:  dia-0.94-5.4.src.rpm
  i386:   dia-0.94-5.4.i386.rpm, dia-debuginfo-0.94-5.4.i386.rpm
  ia64:   dia-0.94-5.4.ia64.rpm, dia-debuginfo-0.94-5.4.ia64.rpm
  x86_64: dia-0.94-5.4.x86_64.rpm, dia-debuginfo-0.94-5.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:
  SRPMS:  dia-0.94-5.4.src.rpm
  i386:   dia-0.94-5.4.i386.rpm, dia-debuginfo-0.94-5.4.i386.rpm
  ia64:   dia-0.94-5.4.ia64.rpm, dia-debuginfo-0.94-5.4.ia64.rpm
  x86_64: dia-0.94-5.4.x86_64.rpm, dia-debuginfo-0.94-5.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2006-1550
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2006 Red Hat, Inc.