Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in Graphviz
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in Graphviz
ID: MDVSA-2014:248
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Di, 16. Dezember 2014, 17:49
Referenzen: http://advisories.mageia.org/MGASA-2014-0520.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
Applikationen: Graphviz

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1418585588-5600-9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:248
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : graphviz
 Date    : December 14, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated graphviz packages fix security vulnerability:
 
 Format string vulnerability in the yyerror function in
 lib/cgraph/scan.l in Graphviz allows remote attackers to have
 unspecified impact via format string specifiers in unknown vector,
 which are not properly handled in an error string (CVE-2014-9157).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
 http://advisories.mageia.org/MGASA-2014-0520.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 3914f2ea0cc964221c07b6b27246fad0 
 mbs1/x86_64/graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 5853ee99ae3bd2ae77a39ee5fc2b3aec 
 mbs1/x86_64/graphviz-doc-2.28.0-6.2.mbs1.noarch.rpm
 3e546dc38c33ea1fc6fb88cfdda74421 
 mbs1/x86_64/java-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 865e9476539dd9aaf8d6dfc9ee21458a 
 mbs1/x86_64/lib64cdt5-2.28.0-6.2.mbs1.x86_64.rpm
 b0c036687d1ce1e5e097a04811fe86b1 
 mbs1/x86_64/lib64cgraph6-2.28.0-6.2.mbs1.x86_64.rpm
 a206f4a2af9a68e39e0fd878b0cd15d0 
 mbs1/x86_64/lib64graph5-2.28.0-6.2.mbs1.x86_64.rpm
 63f512422c8364f59b21b6b3f8699a06 
 mbs1/x86_64/lib64graphviz-devel-2.28.0-6.2.mbs1.x86_64.rpm
 99d0ef333690abdb5b315c1a08bd9859 
 mbs1/x86_64/lib64graphviz-static-devel-2.28.0-6.2.mbs1.x86_64.rpm
 ae0e7e1a9553301f5ca95823e94c33f8 
 mbs1/x86_64/lib64gvc6-2.28.0-6.2.mbs1.x86_64.rpm
 8a7b1e6cf323707b4c33c1658c1a29de 
 mbs1/x86_64/lib64gvpr2-2.28.0-6.2.mbs1.x86_64.rpm
 696ba1406e68c5b3de15749e4f0e782b 
 mbs1/x86_64/lib64pathplan4-2.28.0-6.2.mbs1.x86_64.rpm
 c68073de72515035ac978922ec8fa873 
 mbs1/x86_64/lib64xdot4-2.28.0-6.2.mbs1.x86_64.rpm
 27338fd7e937793c97fb02fdd76828fc 
 mbs1/x86_64/lua-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 265496551e62b78ffc7bb762b75c3ea2 
 mbs1/x86_64/ocaml-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 3c76c71d55bae5c89fde5e8cdd5871ae 
 mbs1/x86_64/perl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 ad084e55bdfa51c4ad3e83853fa155e6 
 mbs1/x86_64/php-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 27dee6a16934bcf15f78d20ebaa93607 
 mbs1/x86_64/python-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 ae7e2f8ba356f47776705930554a96ba 
 mbs1/x86_64/ruby-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 f0a96b284ef58704ce38ea485f2efae7 
 mbs1/x86_64/tcl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm 
 34624e4bc4febcf4a08933e1a29a097c  mbs1/SRPMS/graphviz-2.28.0-6.2.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUjddumqjQ0CJFipgRAiVYAJ4sWiM8q/sTVXAdPzadDfIQKPx5BwCg5y2D
wmueGlkke8nwFiDHQWCewvw=
=4Qhs
-----END PGP SIGNATURE-----


------------=_1418585588-5600-9
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1418585588-5600-9--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung