Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55562
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 847-1 (dia)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to dia
announced via advisory DSA 847-1.

Joxean Koret discovered that the Python SVG import plugin in dia, a
vector-oriented diagram editor, does not properly sanitise data read
from an SVG file and is hence vulnerable to execute arbitrary Python
code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.94.0-7sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.94.0-15.

We recommend that you upgrade your dia package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20847-1

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 15000
Common Vulnerability Exposure (CVE) ID: CVE-2005-2966
http://www.securityfocus.com/bid/15000
Debian Security Information: DSA-1025 (Google Search)
http://www.debian.org/security/2006/dsa-1025
Debian Security Information: DSA-847 (Google Search)
http://www.debian.org/security/2005/dsa-847
http://www.gentoo.org/security/en/glsa/glsa-200510-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:187
http://secunia.com/advisories/17047
http://secunia.com/advisories/17059
http://secunia.com/advisories/17083
http://secunia.com/advisories/17095
http://secunia.com/advisories/17108
SuSE Security Announcement: SUSE-SR:2005:022 (Google Search)
http://www.novell.com/linux/security/advisories/2005_22_sr.html
https://usn.ubuntu.com/193-1/
http://www.vupen.com/english/advisories/2005/1950
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.