Message-Id: <E1NGxtQ-0007O7-UU@titan.mandriva.com>
Date: Sat, 05 Dec 2009 17:54:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:254-1 ] graphviz
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:254-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : graphviz
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in graphviz:
Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
allows user-assisted remote attackers to cause a denial of service
(memory corruption) or execute arbitrary code via a DOT file with a
large number of Agraph_t elements (CVE-2008-4555).
This update provides a fix for this vulnerability.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
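The advisory describes an overflow in push_subg triggered by a DOT file with a large number of Agraph_t elements. The following is an added illustration, not part of the advisory and not Graphviz source: it models a fixed-capacity subgraph stack whose push count is driven by input, with the unchecked push beside a bounds-checked one. The names `SubgStack`, `push_subg_checked`, `parse_nested` and the capacity of 64 are assumptions made for the example.

```c
#include <stddef.h>

/* Illustrative model only: every name and the capacity are assumptions,
 * not Graphviz source. Each nested subgraph in the input causes one
 * push, so the input decides how many pushes happen. */
#define SUBG_STACK_MAX 64

typedef struct Graph { int id; } Graph;    /* stand-in for Agraph_t */

typedef struct {
    Graph *slots[SUBG_STACK_MAX];
    size_t depth;                          /* number of live entries */
} SubgStack;

/* Unsafe pattern, shown for contrast and never called here: with no
 * capacity check, push number SUBG_STACK_MAX + 1 writes past slots[]. */
void push_subg_unchecked(SubgStack *s, Graph *g)
{
    s->slots[s->depth++] = g;
}

/* Hardened pattern: refuse the push and return an error so the parser
 * can stop with a diagnostic instead of corrupting memory. */
int push_subg_checked(SubgStack *s, Graph *g)
{
    if (s->depth >= SUBG_STACK_MAX)
        return -1;
    s->slots[s->depth++] = g;
    return 0;
}

/* Simulates a parser meeting `nesting` nested subgraphs (constructed
 * input). Returns how many pushes were accepted before it would abort. */
size_t parse_nested(size_t nesting)
{
    static Graph node;
    SubgStack s = { {0}, 0 };
    size_t accepted = 0;
    for (size_t i = 0; i < nesting; i++) {
        if (push_subg_checked(&s, &node) != 0)
            break;                         /* reject the oversized input */
        accepted++;
    }
    return accepted;
}
```
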