Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Pufferüberlauf in Graphviz
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in Graphviz
ID: MDVSA-2015:187
Distribution: Mandriva
Plattformen: Mandriva Business Server 2.0
Datum: Do, 2. April 2015, 09:41
Referenzen: http://advisories.mageia.org/MGASA-2014-0520.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157

Originalnachricht

This is a multi-part message in MIME format...

------------=_1427959827-10938-0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:187
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : graphviz
Date : April 1, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated graphviz packages fix security vulnerability:

Format string vulnerability in the yyerror function in
lib/cgraph/scan.l in Graphviz allows remote attackers to have
unspecified impact via format string specifiers in unknown vector,
which are not properly handled in an error string (CVE-2014-9157).

Additionally the gtkglarea2 and gtkglext packages were missing and
was required for graphviz to build, these packages are also being
provided with this advisory.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
http://advisories.mageia.org/MGASA-2014-0520.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
9bafda1801998f26c9de8715a5b4f229
mbs2/x86_64/graphviz-2.34.0-7.1.mbs2.x86_64.rpm
69d0e786218156bda6ce3ae386ce7ece
mbs2/x86_64/java-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
970a121e1ad3396d744b729ccf0ae80c
mbs2/x86_64/lib64cdt5-2.34.0-7.1.mbs2.x86_64.rpm
2defc0a9c1b055d4c8aeddbb30d29212
mbs2/x86_64/lib64cgraph6-2.34.0-7.1.mbs2.x86_64.rpm
517a130b8db8d596acc58c67889bbb2a
mbs2/x86_64/lib64graphviz-devel-2.34.0-7.1.mbs2.x86_64.rpm
b622bf72651687ff76529d5c79416057
mbs2/x86_64/lib64gtkgl2.0_1-2.0.1-6.mbs2.x86_64.rpm
e697fb1ccf65f78abed726a76baa8bd3
mbs2/x86_64/lib64gtkgl-devel-2.0.1-6.mbs2.x86_64.rpm
3c736ee01ead6eca0ee34dd4144c5bcb
mbs2/x86_64/lib64gtkglext-1.0_0-1.2.0-17.mbs2.x86_64.rpm
ad99471421e44c95c0e88520eabf6368
mbs2/x86_64/lib64gtkglext-devel-1.2.0-17.mbs2.x86_64.rpm
2a6b3ed54c0bbf4ce7657a7295baf5af
mbs2/x86_64/lib64gvc6-2.34.0-7.1.mbs2.x86_64.rpm
affcfec0d5c47c4d7f40b6433afb9e3a
mbs2/x86_64/lib64gvpr2-2.34.0-7.1.mbs2.x86_64.rpm
b3d9803dc5be936b4977fcd07fd8c286
mbs2/x86_64/lib64pathplan4-2.34.0-7.1.mbs2.x86_64.rpm
281a1f3ecbcc2936040a964884a022a9
mbs2/x86_64/lib64xdot4-2.34.0-7.1.mbs2.x86_64.rpm
ce23e49e1b648587fe6b7ea091b1dce8
mbs2/x86_64/lua-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
ada3a4bc05689b2e99ffedb93adf3376
mbs2/x86_64/ocaml-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
a53d3cefebcaaccd64733ecd44b5acc7
mbs2/x86_64/perl-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
acfac83dc5cfe4e6dd36d8d93833424e
mbs2/x86_64/php-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
908183bccda9074dd050d2db15ec3aea
mbs2/x86_64/python-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
5310a33b0b1366631f627314264eee6a
mbs2/x86_64/ruby-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
ed47d6081c39dfa6ca44aabb09c6b44e
mbs2/x86_64/tcl-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
6c1cbbd3de624c944dc68d353d9eda8d mbs2/SRPMS/graphviz-2.34.0-7.1.mbs2.src.rpm
c59bd68ec8a4cbc245c931cc066f2b08 mbs2/SRPMS/gtkglarea2-2.0.1-6.mbs2.src.rpm
493dd7182d4bfc70d0844ecd5fdd8cfc mbs2/SRPMS/gtkglext-1.2.0-17.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVHOFhmqjQ0CJFipgRAp3wAKC/nwsWD2XGCGzHzr43aX2s2WtZXgCfUYv1
tJI66Kv6DodNHXOLJHD0Iag=
=x1Q3
-----END PGP SIGNATURE-----


------------=_1427959827-10938-0
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427959827-10938-0--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung