Upstream information

CVE-2008-5984 at MITRE

Description

Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 6.9
  Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
  Access Vector: Local
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete

SUSE Bugzilla entry: 470096 [RESOLVED / UPSTREAM]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP1
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA dia-0.97.2-13.253
SUSE Linux Enterprise Software Development Kit 12 SP1 GA dia-0.97.2-13.253
SUSE Linux Enterprise Workstation Extension 12 SP1 GA dia-0.97.2-13.253
SUSE Linux Enterprise Desktop 12 SP2
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA dia-0.97.3-15.63
SUSE Linux Enterprise Software Development Kit 12 SP2 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP2 GA dia-0.97.3-15.63
SUSE Linux Enterprise Desktop 12 SP3
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA dia-0.97.3-15.63
SUSE Linux Enterprise Software Development Kit 12 SP3 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP3 GA dia-0.97.3-15.63
SUSE Linux Enterprise Desktop 12 SP4
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Desktop 12 SP4 GA dia-0.97.3-15.63
SUSE Linux Enterprise Software Development Kit 12 SP4 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP4 GA dia-0.97.3-15.63
SUSE Linux Enterprise Desktop 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP5 GA dia-0.97.3-15.63
SUSE Linux Enterprise Desktop 12
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Desktop 12 GA dia-0.97.2-13.253
SUSE Linux Enterprise Software Development Kit 12 GA dia-0.97.2-13.253
SUSE Linux Enterprise Workstation Extension 12 GA dia-0.97.2-13.253
SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP1
  • dia >= 0.97.3-2.32
  • dia-lang >= 0.97.3-2.32
Patchnames:
SUSE Linux Enterprise Workstation Extension 15 SP1 GA dia-0.97.3-2.32
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15
  • dia >= 0.97.3-2.32
  • dia-lang >= 0.97.3-2.32
Patchnames:
SUSE Linux Enterprise Workstation Extension 15 GA dia-0.97.3-2.32
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA dia-0.97.2-13.253
SUSE Linux Enterprise Workstation Extension 12 SP1 GA dia-0.97.2-13.253
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP2 GA dia-0.97.3-15.63
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP3 GA dia-0.97.3-15.63
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP4 GA dia-0.97.3-15.63
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP5 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP5 GA dia-0.97.3-15.63
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA dia-0.97.2-13.253
SUSE Linux Enterprise Workstation Extension 12 GA dia-0.97.2-13.253
SUSE Linux Enterprise Software Development Kit 12 SP1
  • dia >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA dia-0.97.2-13.253
SUSE Linux Enterprise Software Development Kit 12 SP2
  • dia >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA dia-0.97.3-15.63
SUSE Linux Enterprise Software Development Kit 12 SP3
  • dia >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA dia-0.97.3-15.63
SUSE Linux Enterprise Software Development Kit 12 SP4
  • dia >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA dia-0.97.3-15.63
SUSE Linux Enterprise Software Development Kit 12 SP5
  • dia >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP5 GA dia-0.97.3-15.63
SUSE Linux Enterprise Software Development Kit 12
  • dia >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA dia-0.97.2-13.253
SUSE Linux Enterprise Workstation Extension 12 SP1
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA dia-0.97.2-13.253
SUSE Linux Enterprise Workstation Extension 12 SP2
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP3
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12 SP4
  • dia >= 0.97.3-15.63
  • dia-lang >= 0.97.3-15.63
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP4 GA dia-0.97.3-15.63
SUSE Linux Enterprise Workstation Extension 12
  • dia >= 0.97.2-13.253
  • dia-lang >= 0.97.2-13.253
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA dia-0.97.2-13.253
openSUSE Tumbleweed
  • dia >= 0.97.3-4.13
  • dia-lang >= 0.97.3-4.13
Patchnames:
openSUSE Tumbleweed GA dia-0.97.3-4.13