Upstream information

CVE-2008-5984 at MITRE

Description

Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
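The condition behind this class of bug can be checked from inside an embedded interpreter: the legacy PySys_SetArgv call can place an empty string at the front of sys.path, and the import system treats that entry as the current working directory. The following audit is an added example, not code from SUSE, Dia or Python upstream; the function names and the sample path are hypothetical.

```python
import os


def audit_sys_path(path_entries, cwd):
    """Flag sys.path-style entries that make imports resolve from cwd.

    Returns (index, entry, reason) tuples. reason is "relative" for '' and
    any other non-absolute entry, and "equals-cwd" for an absolute entry
    that is the working directory at the time of the check.
    """
    cwd_real = os.path.realpath(cwd)
    findings = []
    for index, entry in enumerate(path_entries):
        if not isinstance(entry, str):
            continue  # only string entries are examined here
        if entry == "" or not os.path.isabs(entry):
            # '' is how the import system spells "current working directory"
            findings.append((index, entry, "relative"))
        elif os.path.realpath(entry) == cwd_real:
            findings.append((index, entry, "equals-cwd"))
    return findings


def drop_relative_entries(path_entries):
    """Return a copy of the list without '' and other relative entries.

    Absolute entries are kept even if they equal cwd, because removing them
    could drop a legitimate library directory; those are left for review.
    """
    return [
        e for e in path_entries
        if not (isinstance(e, str) and (e == "" or not os.path.isabs(e)))
    ]


# Constructed sample: a search path as an embedding host might end up with it.
SAMPLE_PATH = ["", "/opt/example/lib/python", "plugins"]

if __name__ == "__main__":
    import sys
    for index, entry, reason in audit_sys_path(sys.path, os.getcwd()):
        print(f"sys.path[{index}] = {entry!r}: {reason}")
```

An empty first entry is normal for the interactive interpreter; in an application that embeds Python and is started from arbitrary directories, it is the finding to act on.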

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 6.9
  • Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector: Local
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

SUSE Bugzilla entry: 470096 [RESOLVED / UPSTREAM]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Desktop 12 GA dia
SUSE Linux Enterprise Desktop 12 SP1
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA dia
SUSE Linux Enterprise Desktop 12 SP2
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA dia
SUSE Linux Enterprise Desktop 12 SP3
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA dia
SUSE Linux Enterprise Software Development Kit 12
  • dia >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA dia
SUSE Linux Enterprise Software Development Kit 12 SP1
  • dia >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA dia
SUSE Linux Enterprise Software Development Kit 12 SP2
  • dia >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA dia
SUSE Linux Enterprise Software Development Kit 12 SP3
  • dia >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA dia
SUSE Linux Enterprise Workstation Extension 12
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA dia
SUSE Linux Enterprise Workstation Extension 12 SP1
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA dia
SUSE Linux Enterprise Workstation Extension 12 SP2
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA dia
SUSE Linux Enterprise Workstation Extension 12 SP3
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA dia
SUSE Linux Enterprise Workstation Extension 15
  • dia >= 0.97.3-2.32
  • dia-lang >= 0.97.3-2.32
Patchnames:
SUSE Linux Enterprise Workstation Extension 15 GA dia
openSUSE Leap 42.1
  • dia >= 0.97.3-2.10
  • dia-lang >= 0.97.3-2.10
Patchnames:
openSUSE Leap 42.1 GA dia
openSUSE Leap 42.2
  • dia >= 0.97.3-3.35
  • dia-lang >= 0.97.3-3.35
Patchnames:
openSUSE Leap 42.2 GA dia
openSUSE Leap 42.3
  • dia >= 0.97.3-5.26
  • dia-lang >= 0.97.3-5.26
Patchnames:
openSUSE Leap 42.3 GA dia
openSUSE Tumbleweed
  • dia >= 0.97.3-4.13
  • dia-lang >= 0.97.3-4.13
Patchnames:
openSUSE Tumbleweed GA dia