Message-Id: <E1MtQLo-000390-PL@titan.mandriva.com>
Date: Thu, 01 Oct 2009 20:26:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:254 ] graphviz


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:254
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : graphviz
 Date    : October 1, 2009
 Affected: 2008.1, 2009.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in graphviz:
 
 Stack-based buffer overflow in the push_subg function in parser.y
 (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
 allows user-assisted remote attackers to cause a denial of service
 (memory corruption) or execute arbitrary code via a DOT file with a
 large number of Agraph_t elements (CVE-2008-4555).
 
 This update provides a fix for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKxMaAmqjQ0CJFipgRAuQlAJoDTqDq5rg6FU+iVE7+f+dbzyAzFACeLU5Z
bKt0b1Yn9jvoKvPVqNAjk28=
=i+6O
-----END PGP SIGNATURE-----
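
An added illustration of the bug class named in the problem description (not Graphviz or Mandriva code): one push per nested element onto a fixed-capacity array, with the depth test that keeps deeply nested DOT-like input from writing past it. The names `subg_stack`, `subg_push`, `check_nesting`, `check_generated` and the capacity of 64 are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>
/* Added model; names and capacity are assumptions, not Graphviz source. */
#define SUBG_STACK_MAX 64

struct subg_stack {
    const char *open_at[SUBG_STACK_MAX]; /* where each open '{' was seen */
    size_t depth;
};

/* Checked push: without the depth test, the store below runs past open_at[]. */
static int subg_push(struct subg_stack *s, const char *where)
{
    if (s->depth >= SUBG_STACK_MAX)
        return -1;
    s->open_at[s->depth++] = where;
    return 0;
}

/* Track '{' ... '}' nesting in DOT-like text (quoting and comments ignored).
 * Returns deepest level reached, -1 if too deep, -2 if unbalanced. */
int check_nesting(const char *text)
{
    struct subg_stack s = { .depth = 0 };
    size_t deepest = 0;
    for (const char *p = text; *p != '\0'; p++) {
        if (*p == '{') {
            if (subg_push(&s, p) != 0)
                return -1;
            deepest = s.depth > deepest ? s.depth : deepest;
        } else if (*p == '}') {
            if (s.depth == 0)
                return -2;
            s.depth--;
        }
    }
    return s.depth == 0 ? (int)deepest : -2;
}

/* Constructed input: `levels` nested brace pairs (capped at 256). */
int check_generated(size_t levels)
{
    char buf[2 * 256 + 1];
    size_t n = levels > 256 ? 256 : levels;
    memset(buf, '{', n);
    memset(buf + n, '}', n);
    buf[2 * n] = '\0';
    return check_nesting(buf);
}
```

Input nested exactly to the capacity is accepted; one level more is rejected before any out-of-bounds store happens.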
