BugTraq
[ MDVSA-2014:248 ] graphviz Dec 14 2014 07:31PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:248
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : graphviz
Date : December 14, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated graphviz packages fix a security vulnerability:

Format string vulnerability in the yyerror function in
lib/cgraph/scan.l in Graphviz allows remote attackers to have
unspecified impact via format string specifiers in unknown vectors,
which are not properly handled in an error string (CVE-2014-9157).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
http://advisories.mageia.org/MGASA-2014-0520.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
3914f2ea0cc964221c07b6b27246fad0 mbs1/x86_64/graphviz-2.28.0-6.2.mbs1.x86_64.rpm
5853ee99ae3bd2ae77a39ee5fc2b3aec mbs1/x86_64/graphviz-doc-2.28.0-6.2.mbs1.noarch.rpm
3e546dc38c33ea1fc6fb88cfdda74421 mbs1/x86_64/java-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
865e9476539dd9aaf8d6dfc9ee21458a mbs1/x86_64/lib64cdt5-2.28.0-6.2.mbs1.x86_64.rpm
b0c036687d1ce1e5e097a04811fe86b1 mbs1/x86_64/lib64cgraph6-2.28.0-6.2.mbs1.x86_64.rpm
a206f4a2af9a68e39e0fd878b0cd15d0 mbs1/x86_64/lib64graph5-2.28.0-6.2.mbs1.x86_64.rpm
63f512422c8364f59b21b6b3f8699a06 mbs1/x86_64/lib64graphviz-devel-2.28.0-6.2.mbs1.x86_64.rpm
99d0ef333690abdb5b315c1a08bd9859 mbs1/x86_64/lib64graphviz-static-devel-2.28.0-6.2.mbs1.x86_64.rpm
ae0e7e1a9553301f5ca95823e94c33f8 mbs1/x86_64/lib64gvc6-2.28.0-6.2.mbs1.x86_64.rpm
8a7b1e6cf323707b4c33c1658c1a29de mbs1/x86_64/lib64gvpr2-2.28.0-6.2.mbs1.x86_64.rpm
696ba1406e68c5b3de15749e4f0e782b mbs1/x86_64/lib64pathplan4-2.28.0-6.2.mbs1.x86_64.rpm
c68073de72515035ac978922ec8fa873 mbs1/x86_64/lib64xdot4-2.28.0-6.2.mbs1.x86_64.rpm
27338fd7e937793c97fb02fdd76828fc mbs1/x86_64/lua-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
265496551e62b78ffc7bb762b75c3ea2 mbs1/x86_64/ocaml-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
3c76c71d55bae5c89fde5e8cdd5871ae mbs1/x86_64/perl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
ad084e55bdfa51c4ad3e83853fa155e6 mbs1/x86_64/php-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
27dee6a16934bcf15f78d20ebaa93607 mbs1/x86_64/python-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
ae7e2f8ba356f47776705930554a96ba mbs1/x86_64/ruby-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
f0a96b284ef58704ce38ea485f2efae7 mbs1/x86_64/tcl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
34624e4bc4febcf4a08933e1a29a097c mbs1/SRPMS/graphviz-2.28.0-6.2.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUjddumqjQ0CJFipgRAiVYAJ4sWiM8q/sTVXAdPzadDfIQKPx5BwCg5y2D
wmueGlkke8nwFiDHQWCewvw=
=4Qhs
-----END PGP SIGNATURE-----
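
The bug class named in the advisory (input text reaching a printf-style error routine as the format string), shown as an added illustration that is not Graphviz's or Mandriva's code. All names here (log_error, build_msg, scan_error_vulnerable, scan_error_safe, SHOW_VULNERABLE) are hypothetical, and the sample token is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_error[256];   /* captured output so the result can be inspected */

/* Hypothetical printf-style error sink. The format attribute lets GCC/Clang
 * flag non-literal format arguments under -Wformat -Wformat-security. */
__attribute__((format(printf, 1, 2)))
static int log_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
    return n;
}

/* Assemble the scanner message; `token` is text taken from the input file. */
static void build_msg(char *buf, size_t len, int line, const char *token)
{
    snprintf(buf, len, "syntax error in line %d near '%s'", line, token);
}

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern: the assembled message embeds input text and is then
 * used as the format string, so any % directive in it is interpreted. */
static int scan_error_vulnerable(int line, const char *token)
{
    char buf[200];
    build_msg(buf, sizeof buf, line, token);
    return log_error(buf);
}
#endif

/* Hardened pattern: constant format string, message passed only as data. */
static int scan_error_safe(int line, const char *token)
{
    char buf[200];
    build_msg(buf, sizeof buf, line, token);
    return log_error("%s", buf);
}

int main(void)
{
    scan_error_safe(3, "%s%s%s");   /* constructed sample token */
    puts(last_error);               /* specifiers appear literally in the output */
    return 0;
}
```

Building with `-Wformat -Wformat-security` and `-DSHOW_VULNERABLE` makes the compiler warn on the `log_error(buf)` call, which is a cheap audit for the same pattern elsewhere in a code base.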
