BugTraq
[ MDVSA-2009:254 ] graphviz Oct 01 2009 06:26PM
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:254
http://www.mandriva.com/security/
_______________________________________________________________________

Package : graphviz
Date : October 1, 2009
Affected: 2008.1, 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in graphviz:

Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
allows user-assisted remote attackers to cause a denial of service
(memory corruption) or execute arbitrary code via a DOT file with a
large number of Agraph_t elements (CVE-2008-4555).

This update provides a fix for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKxMaAmqjQ0CJFipgRAuQlAJoDTqDq5rg6FU+iVE7+f+dbzyAzFACeLU5Z
bKt0b1Yn9jvoKvPVqNAjk28=
=i+6O
-----END PGP SIGNATURE-----
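
The overflow class named in the advisory's problem description, as an added example that is not part of the advisory and not Graphviz's source: a fixed-size stack of subgraph pointers with an unchecked push beside a bounds-checked one, driven by a simplified brace-counting walk over DOT-like text. The limit GSTACK_SIZE and the names gstack_t, subgraph_t, push_subg_unchecked, push_subg_checked and max_nesting are assumptions made for this sketch.

```c
#include <stdio.h>

#define GSTACK_SIZE 32                   /* assumed nesting limit (hypothetical) */
typedef struct { int id; } subgraph_t;   /* stand-in for Agraph_t */
typedef struct { subgraph_t *slot[GSTACK_SIZE]; int sp; } gstack_t;

/* Unchecked pattern: once sp reaches GSTACK_SIZE the store lands past
 * the end of slot[]. Shown for contrast only; nothing below calls it. */
void push_subg_unchecked(gstack_t *st, subgraph_t *g)
{
    st->slot[st->sp++] = g;
}

/* Hardened form: refuse the push when the stack is full. */
int push_subg_checked(gstack_t *st, subgraph_t *g)
{
    if (st->sp < 0 || st->sp >= GSTACK_SIZE)
        return -1;
    st->slot[st->sp++] = g;
    return 0;
}

/* Walk DOT-like text, treating '{' as entering a (sub)graph and '}' as
 * leaving one. Returns the deepest nesting seen, or -1 when the input
 * nests deeper than the stack allows or closes more than it opens.
 * Simplification: quoted strings and comments are not parsed. */
int max_nesting(const char *dot)
{
    static subgraph_t pool[GSTACK_SIZE];
    gstack_t st = { {0}, 0 };
    int deepest = 0;
    for (const char *p = dot; *p; p++) {
        if (*p == '{') {
            if (push_subg_checked(&st, &pool[st.sp % GSTACK_SIZE]) != 0)
                return -1;               /* reject instead of overflowing */
            if (st.sp > deepest) deepest = st.sp;
        } else if (*p == '}') {
            if (st.sp == 0)
                return -1;               /* unbalanced close */
            st.sp--;
        }
    }
    return deepest;
}

int main(void)
{
    /* constructed sample input */
    printf("%d\n", max_nesting("digraph g { subgraph a { x -> y; } }"));
    return 0;
}
```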
