Date: Thu, 02 Apr 2015 09:27:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:187 ] graphviz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:187
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : graphviz
 Date    : April 1, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated graphviz packages fix security vulnerability:
 
 Format string vulnerability in the yyerror function in
 lib/cgraph/scan.l in Graphviz allows remote attackers to have
 unspecified impact via format string specifiers in unknown vectors,
 which are not properly handled in an error string (CVE-2014-9157).
 
 Additionally, the gtkglarea2 and gtkglext packages were missing and
 are required for graphviz to build; these packages are also being
 provided with this advisory.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
 http://advisories.mageia.org/MGASA-2014-0520.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 9bafda1801998f26c9de8715a5b4f229  mbs2/x86_64/graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 69d0e786218156bda6ce3ae386ce7ece  mbs2/x86_64/java-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 970a121e1ad3396d744b729ccf0ae80c  mbs2/x86_64/lib64cdt5-2.34.0-7.1.mbs2.x86_64.rpm
 2defc0a9c1b055d4c8aeddbb30d29212  mbs2/x86_64/lib64cgraph6-2.34.0-7.1.mbs2.x86_64.rpm
 517a130b8db8d596acc58c67889bbb2a  mbs2/x86_64/lib64graphviz-devel-2.34.0-7.1.mbs2.x86_64.rpm
 b622bf72651687ff76529d5c79416057  mbs2/x86_64/lib64gtkgl2.0_1-2.0.1-6.mbs2.x86_64.rpm
 e697fb1ccf65f78abed726a76baa8bd3  mbs2/x86_64/lib64gtkgl-devel-2.0.1-6.mbs2.x86_64.rpm
 3c736ee01ead6eca0ee34dd4144c5bcb  mbs2/x86_64/lib64gtkglext-1.0_0-1.2.0-17.mbs2.x86_64.rpm
 ad99471421e44c95c0e88520eabf6368  mbs2/x86_64/lib64gtkglext-devel-1.2.0-17.mbs2.x86_64.rpm
 2a6b3ed54c0bbf4ce7657a7295baf5af  mbs2/x86_64/lib64gvc6-2.34.0-7.1.mbs2.x86_64.rpm
 affcfec0d5c47c4d7f40b6433afb9e3a  mbs2/x86_64/lib64gvpr2-2.34.0-7.1.mbs2.x86_64.rpm
 b3d9803dc5be936b4977fcd07fd8c286  mbs2/x86_64/lib64pathplan4-2.34.0-7.1.mbs2.x86_64.rpm
 281a1f3ecbcc2936040a964884a022a9  mbs2/x86_64/lib64xdot4-2.34.0-7.1.mbs2.x86_64.rpm
 ce23e49e1b648587fe6b7ea091b1dce8  mbs2/x86_64/lua-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 ada3a4bc05689b2e99ffedb93adf3376  mbs2/x86_64/ocaml-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 a53d3cefebcaaccd64733ecd44b5acc7  mbs2/x86_64/perl-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 acfac83dc5cfe4e6dd36d8d93833424e  mbs2/x86_64/php-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 908183bccda9074dd050d2db15ec3aea  mbs2/x86_64/python-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 5310a33b0b1366631f627314264eee6a  mbs2/x86_64/ruby-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 ed47d6081c39dfa6ca44aabb09c6b44e  mbs2/x86_64/tcl-graphviz-2.34.0-7.1.mbs2.x86_64.rpm 
 6c1cbbd3de624c944dc68d353d9eda8d  mbs2/SRPMS/graphviz-2.34.0-7.1.mbs2.src.rpm
 c59bd68ec8a4cbc245c931cc066f2b08  mbs2/SRPMS/gtkglarea2-2.0.1-6.mbs2.src.rpm
 493dd7182d4bfc70d0844ecd5fdd8cfc  mbs2/SRPMS/gtkglext-1.2.0-17.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVHOFhmqjQ0CJFipgRAp3wAKC/nwsWD2XGCGzHzr43aX2s2WtZXgCfUYv1
tJI66Kv6DodNHXOLJHD0Iag=
=x1Q3
-----END PGP SIGNATURE-----
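
The bug class named in the advisory, shown as an added example that is neither Graphviz code nor part of the original advisory: a parser error handler that embeds input text in its message and passes the result to a printf-style reporter as the format, next to the hardened form. `report_err`, `build_msg` and both `yyerror_*` functions are hypothetical, and the token is a constructed input that uses only `%%`, whose behaviour is defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_err[256];          /* captured output of the error sink */

/* Hypothetical printf-style error sink (stand-in for a library's error
 * reporter). Its first argument is always interpreted as a format string. */
static void report_err(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_err, sizeof last_err, fmt, ap);
    va_end(ap);
}

/* Builds "<msg> near '<token>'"; token is text taken from the parsed file. */
static void build_msg(char *out, size_t n, const char *msg, const char *token)
{
    snprintf(out, n, "%s near '%s'", msg, token);
}

/* Vulnerable pattern: the assembled message, which embeds untrusted token
 * text, is passed as the format itself, so any '%' in it is interpreted. */
const char *yyerror_unsafe(const char *msg, const char *token)
{
    char buf[200];
    build_msg(buf, sizeof buf, msg, token);
    report_err(buf);
    return last_err;
}

/* Hardened pattern: constant format, untrusted text only as an argument. */
const char *yyerror_safe(const char *msg, const char *token)
{
    char buf[200];
    build_msg(buf, sizeof buf, msg, token);
    report_err("%s", buf);
    return last_err;
}

int main(void)
{
    /* Constructed input: "%%" is a specifier with defined behaviour. */
    const char *token = "rate=100%%";
    printf("unsafe: %s\n", yyerror_unsafe("syntax error", token));
    printf("safe:   %s\n", yyerror_safe("syntax error", token));
    return 0;
}
```

Declaring the reporter with `__attribute__((format(printf, 1, 2)))` and building with `-Wformat -Werror=format-security` makes GCC and Clang reject the unsafe call at compile time.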
