Message-Id: <E1NGxtQ-0007O7-UU@titan.mandriva.com>
Date: Sat, 05 Dec 2009 17:54:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:254-1 ] graphviz


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:254-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : graphviz
 Date    : December 5, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in graphviz:
 
 Stack-based buffer overflow in the push_subg function in parser.y
 (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
 allows user-assisted remote attackers to cause a denial of service
 (memory corruption) or execute arbitrary code via a DOT file with a
 large number of Agraph_t elements (CVE-2008-4555).
 
 This update provides a fix for this vulnerability.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 66513a7de994941334cb9978ef45b7d4  2008.0/i586/graphviz-2.12-6.1mdv2008.0.i586.rpm
 15389ed7995925ff6259431515b243a2  2008.0/i586/graphviz-doc-2.12-6.1mdv2008.0.i586.rpm
 b396a868cf088e657346e71b031f44e4  2008.0/i586/libgraphviz3-2.12-6.1mdv2008.0.i586.rpm
 1425b473e0dedb8c932789d650e0c422  2008.0/i586/libgraphviz-devel-2.12-6.1mdv2008.0.i586.rpm
 688e71bbf9e31c4dabcb949cf837d7db  2008.0/i586/libgraphvizlua0-2.12-6.1mdv2008.0.i586.rpm
 4951fc7c6b55c6bd1d43ad155f8237de  2008.0/i586/libgraphvizperl0-2.12-6.1mdv2008.0.i586.rpm
 05909fd4aab2819a71b34a6c2f3a3fc8  2008.0/i586/libgraphvizphp0-2.12-6.1mdv2008.0.i586.rpm
 d4592f3bc8999d959b2ed6aa876dbc68  2008.0/i586/libgraphvizpython0-2.12-6.1mdv2008.0.i586.rpm
 97c611b99148ce0dcde376848d934242  2008.0/i586/libgraphvizruby0-2.12-6.1mdv2008.0.i586.rpm
 9c380373a067793f37f79d90bd0c3748  2008.0/i586/libgraphviz-static-devel-2.12-6.1mdv2008.0.i586.rpm
 d83afe7a2cbbf72d495b231bdf6c64ab  2008.0/i586/libgraphviztcl0-2.12-6.1mdv2008.0.i586.rpm 
 fea4aca29cfaaceffc5f99ffd3e6e52e  2008.0/SRPMS/graphviz-2.12-6.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 e0cd3f43cd6022b37c65b32a44edcbec  2008.0/x86_64/graphviz-2.12-6.1mdv2008.0.x86_64.rpm
 1c297b2eaadcd86a12ddbe010868be62  2008.0/x86_64/graphviz-doc-2.12-6.1mdv2008.0.x86_64.rpm
 2d4f853e7e19d0b6adbe2daa91c0ae25  2008.0/x86_64/lib64graphviz3-2.12-6.1mdv2008.0.x86_64.rpm
 50d617d1c796dd1a09c551b95246eb1f  2008.0/x86_64/lib64graphviz-devel-2.12-6.1mdv2008.0.x86_64.rpm
 ef79a36bba2c3591dab7b6eb49ac7079  2008.0/x86_64/lib64graphvizlua0-2.12-6.1mdv2008.0.x86_64.rpm
 7584dd077e94340d5fbb70a01d67e256  2008.0/x86_64/lib64graphvizperl0-2.12-6.1mdv2008.0.x86_64.rpm
 37cc9f451193e4cf3160169890c43fa5  2008.0/x86_64/lib64graphvizphp0-2.12-6.1mdv2008.0.x86_64.rpm
 d7c0a823e05da80dc2686d08573157b3  2008.0/x86_64/lib64graphvizpython0-2.12-6.1mdv2008.0.x86_64.rpm
 b6c220c08353bc544a1f51d9dd722277  2008.0/x86_64/lib64graphvizruby0-2.12-6.1mdv2008.0.x86_64.rpm
 ce066b8e7d6906cf5010b6f7ce795246  2008.0/x86_64/lib64graphviz-static-devel-2.12-6.1mdv2008.0.x86_64.rpm
 7f13f94606b95405faca672feea36f16  2008.0/x86_64/lib64graphviztcl0-2.12-6.1mdv2008.0.x86_64.rpm 
 fea4aca29cfaaceffc5f99ffd3e6e52e  2008.0/SRPMS/graphviz-2.12-6.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGmTmmqjQ0CJFipgRAvUIAKCUvzm24mw9PvCsXoDnW5mfvqpBOgCfYpQD
52KII6WS0xXBcNmzCerF8Vo=
=MDeI
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
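
The advisory above attributes the overflow to push_subg being driven past its storage by a DOT file with many Agraph_t elements. The following C sketch is an added example, not Graphviz or Mandriva code: it models a fixed-capacity graph stack whose push refuses to write once the stack is full. The capacity of 32, the struct and function names, and the assumption that each opening brace pushes one graph are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GRAPH_STACK_MAX 32              /* hypothetical capacity */
struct graph { int id; };               /* stand-in for Agraph_t */
struct graph_stack {
    struct graph *slot[GRAPH_STACK_MAX];
    size_t depth;
};

/* Hardened push: reject the graph instead of writing past slot[]. */
static int push_graph(struct graph_stack *s, struct graph *g)
{
    if (s->depth >= GRAPH_STACK_MAX)
        return -1;
    s->slot[s->depth++] = g;
    return 0;
}

/* Walk DOT-like text where '{' opens a graph and '}' closes one (braces in
 * quoted strings or comments are not special-cased here). Returns the
 * deepest nesting seen, -1 if it exceeds the stack, -2 if unbalanced. */
int check_dot_nesting(const char *text)
{
    static struct graph dummy;          /* every push stores this one node */
    struct graph_stack s = { {0}, 0 };
    size_t deepest = 0;

    for (; *text; text++) {
        if (*text == '{') {
            if (push_graph(&s, &dummy) != 0) return -1;
            if (s.depth > deepest) deepest = s.depth;
        } else if (*text == '}') {
            if (s.depth == 0) return -2;
            s.depth--;
        }
    }
    return s.depth == 0 ? (int)deepest : -2;
}

/* Constructed input: n nested graphs, e.g. "{{{}}}" for n = 3. */
int check_nested(size_t n)
{
    char buf[2 * 64 + 1];
    if (n > 64) return -3;
    memset(buf, '{', n); memset(buf + n, '}', n);
    buf[2 * n] = '\0';
    return check_dot_nesting(buf);
}

int main(void) { printf("%d %d\n", check_nested(32), check_nested(33)); return 0; }
```

Without the depth test in push_graph, the 33rd nested graph would be stored one element past the end of slot[], which is the class of write the advisory describes.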
