lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Xz6Z4-0002ke-Qr@master.debian.org>
Date: Thu, 11 Dec 2014 16:26:06 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3098-1] graphviz security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3098-1                   security@...ian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 11, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : graphviz
CVE ID         : CVE-2014-9157
Debian Bug     : 772648

Joshua Rogers discovered a format string vulnerability in the yyerror
function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing
tools. An attacker could use this flaw to cause graphviz to crash or
possibly execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 2.26.3-14+deb7u2.

For the upcoming stable distribution (jessie), this problem will be
fixed soon in version 2.38.0-7.

For the unstable distribution (sid), this problem has been fixed in
version 2.38.0-7.

We recommend that you upgrade your graphviz packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUicMWAAoJEAVMuPMTQ89EdygP/iTwBisnJ13s+afAineui04Z
hJrj41+Wb7GQ7zkX1NZXC7e6JgD4S7GiZ0AQnoAG1dKv9yuXDc8Rk2MThP9VuSnl
RR+sT6aTAf5rhFO342EgcTdf7H/PWz2NOVR+xHMKqd3PkwA22GmjUX9cRBeiW4Mv
uYd6Jaq2rM5OALksebUr81zONtKbBz5jV22LtfyF4nkv+4RkzefqyJZspEbXGN2M
ElDAkBHq3uQDeaGrzW4Xd+dlxnIJD2/KHGnCDv4YFOgX2X9dd80Txt3W51st8tgt
TzkNPpiNUT+Izruuo772oOgQdvtCEY/reRJJw0SAP2cu2oMD/poMkbbCJ3aBlv35
kR79MseJBigdgpzatF1MUtgpQT+Fm2T6lyszGaViEJ2rWAFBV7x7cX7nZke2vZb2
Nrt+/w1hwnsFG0TsGCTD6k7HF+gVkva+OMhNje396dsHhtQHWQmOQfOuVRDpqRfI
1ijvXGXomOCE9iXm/rDaEq2MsuyjB6QPaIGfD7oZun8seH0Cv+U1f7Hp7e7kn6Cf
0uIYHG2NRSkaUrdbDWfnms6X882JFm1LHe2GdoPo64nCrOs67xwfOn+78GaYFyRN
QBT78lyFv4SDlrwiawPKxeTFg6eAxrSXeqdJuuy4flPIUV4k613EeJ3lMMsdmrY3
YhL3IpIOCaeow6VZDNjP
=J1ug
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ