Security: Buffer overflow in graphviz
Name: Buffer overflow in graphviz
ID: MDVSA-2009:254-1
Distribution: Mandriva
Platforms: Mandriva 2008.0
Date: Sat, 5 December 2009, 17:57
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
Applications: Graphviz

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:254-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : graphviz
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in graphviz:

Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
allows user-assisted remote attackers to cause a denial of service
(memory corruption) or execute arbitrary code via a DOT file with a
large number of Agraph_t elements (CVE-2008-4555).

This update provides a fix for this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
66513a7de994941334cb9978ef45b7d4
2008.0/i586/graphviz-2.12-6.1mdv2008.0.i586.rpm
15389ed7995925ff6259431515b243a2
2008.0/i586/graphviz-doc-2.12-6.1mdv2008.0.i586.rpm
b396a868cf088e657346e71b031f44e4
2008.0/i586/libgraphviz3-2.12-6.1mdv2008.0.i586.rpm
1425b473e0dedb8c932789d650e0c422
2008.0/i586/libgraphviz-devel-2.12-6.1mdv2008.0.i586.rpm
688e71bbf9e31c4dabcb949cf837d7db
2008.0/i586/libgraphvizlua0-2.12-6.1mdv2008.0.i586.rpm
4951fc7c6b55c6bd1d43ad155f8237de
2008.0/i586/libgraphvizperl0-2.12-6.1mdv2008.0.i586.rpm
05909fd4aab2819a71b34a6c2f3a3fc8
2008.0/i586/libgraphvizphp0-2.12-6.1mdv2008.0.i586.rpm
d4592f3bc8999d959b2ed6aa876dbc68
2008.0/i586/libgraphvizpython0-2.12-6.1mdv2008.0.i586.rpm
97c611b99148ce0dcde376848d934242
2008.0/i586/libgraphvizruby0-2.12-6.1mdv2008.0.i586.rpm
9c380373a067793f37f79d90bd0c3748
2008.0/i586/libgraphviz-static-devel-2.12-6.1mdv2008.0.i586.rpm
d83afe7a2cbbf72d495b231bdf6c64ab
2008.0/i586/libgraphviztcl0-2.12-6.1mdv2008.0.i586.rpm
fea4aca29cfaaceffc5f99ffd3e6e52e
2008.0/SRPMS/graphviz-2.12-6.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e0cd3f43cd6022b37c65b32a44edcbec
2008.0/x86_64/graphviz-2.12-6.1mdv2008.0.x86_64.rpm
1c297b2eaadcd86a12ddbe010868be62
2008.0/x86_64/graphviz-doc-2.12-6.1mdv2008.0.x86_64.rpm
2d4f853e7e19d0b6adbe2daa91c0ae25
2008.0/x86_64/lib64graphviz3-2.12-6.1mdv2008.0.x86_64.rpm
50d617d1c796dd1a09c551b95246eb1f
2008.0/x86_64/lib64graphviz-devel-2.12-6.1mdv2008.0.x86_64.rpm
ef79a36bba2c3591dab7b6eb49ac7079
2008.0/x86_64/lib64graphvizlua0-2.12-6.1mdv2008.0.x86_64.rpm
7584dd077e94340d5fbb70a01d67e256
2008.0/x86_64/lib64graphvizperl0-2.12-6.1mdv2008.0.x86_64.rpm
37cc9f451193e4cf3160169890c43fa5
2008.0/x86_64/lib64graphvizphp0-2.12-6.1mdv2008.0.x86_64.rpm
d7c0a823e05da80dc2686d08573157b3
2008.0/x86_64/lib64graphvizpython0-2.12-6.1mdv2008.0.x86_64.rpm
b6c220c08353bc544a1f51d9dd722277
2008.0/x86_64/lib64graphvizruby0-2.12-6.1mdv2008.0.x86_64.rpm
ce066b8e7d6906cf5010b6f7ce795246
2008.0/x86_64/lib64graphviz-static-devel-2.12-6.1mdv2008.0.x86_64.rpm
7f13f94606b95405faca672feea36f16
2008.0/x86_64/lib64graphviztcl0-2.12-6.1mdv2008.0.x86_64.rpm
fea4aca29cfaaceffc5f99ffd3e6e52e
2008.0/SRPMS/graphviz-2.12-6.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGmTmmqjQ0CJFipgRAvUIAKCUvzm24mw9PvCsXoDnW5mfvqpBOgCfYpQD
52KII6WS0xXBcNmzCerF8Vo=
=MDeI
-----END PGP SIGNATURE-----
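
The bug class the advisory describes, as an added example that is not Graphviz or Mandriva code: a push onto a fixed-size array that must refuse input once the array is full. The names `subg_stack_t`, `subg_push`, `subg_pop`, `check_nesting`, the capacity of 64 and the mapping of "many Agraph_t elements" to nested `{` in DOT-like text are assumptions made for illustration.

```c
#include <stddef.h>

#define SUBG_STACK_MAX 64            /* assumed capacity, chosen for this example */

typedef struct { int id; } graph_t;  /* stand-in for the parser's graph object */

typedef struct {
    graph_t *slot[SUBG_STACK_MAX];
    size_t depth;
} subg_stack_t;

/* The bug class is this same store without the test: slot[depth++] = g;
 * once depth reaches SUBG_STACK_MAX it writes past the end of the array. */
int subg_push(subg_stack_t *s, graph_t *g)
{
    if (s->depth >= SUBG_STACK_MAX) return -1;  /* full: refuse, do not write */
    s->slot[s->depth++] = g;
    return 0;
}

int subg_pop(subg_stack_t *s)
{
    if (s->depth == 0) return -1;               /* close without an open */
    s->depth--;
    return 0;
}

/* Walk DOT-like text, pushing on '{' and popping on '}' outside quoted
 * strings. Returns 0 if accepted, -1 if nesting exceeds the stack,
 * -2 if the braces are unbalanced. */
int check_nesting(const char *dot)
{
    static graph_t g = { 0 };
    subg_stack_t st = { .depth = 0 };
    int in_str = 0;
    for (const char *p = dot; *p; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;        /* skip the escaped character */
            else if (*p == '"') in_str = 0;
        } else if (*p == '"') {
            in_str = 1;
        } else if (*p == '{') {
            if (subg_push(&st, &g) != 0) return -1;
        } else if (*p == '}') {
            if (subg_pop(&st) != 0) return -2;
        }
    }
    return st.depth == 0 ? 0 : -2;
}
```

Input nested one level deeper than the capacity is rejected with an error code; no write past the array occurs.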

