About Ubuntu

=========================================================== Ubuntu Security Notice USN-266-1 April 03, 2006 dia vulnerabilities CVE-2006-1550 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: dia dia-gnome dia-libs The problem can be corrected by upgrading the affected package to version 0.93-4ubuntu2.1 (for Ubuntu 4.10), 0.94.0-5ubuntu1.2 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Three buffer overflows were discovered in the Xfig file format importer. By tricking a user into opening a specially crafted .fig file with dia, an attacker could exploit this to execute arbitrary code with the user's privileges.