drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Graphviz
Name: |
Denial of Service in Graphviz |
|
ID: |
USN-6708-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro), Ubuntu 22.04 LTS (Available with Ubuntu Pro), Ubuntu 20.04 LTS (Available with Ubuntu Pro), Ubuntu 18.04 LTS (Available with Ubuntu Pro) |
|
Datum: |
Fr, 22. März 2024, 18:54 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46045
https://ubuntu.com/security/notices/USN-6708-1 |
|
Applikationen: |
Graphviz |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3743123589201587962== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------ZwTnPIc2o0ZX2WM9yqvXA4Ex"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------ZwTnPIc2o0ZX2WM9yqvXA4Ex Content-Type: multipart/mixed; boundary="------------MgsElOibcHiVC4HTyCbo3ZSS"; protected-headers="v1" From: Chrisa Oikonomou <chrisa.oikonomou@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <992e5d15-b386-436f-86e6-8cae8da05847@canonical.com> Subject: [USN-6708-1] Graphviz vulnerability
--------------MgsElOibcHiVC4HTyCbo3ZSS Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6708-1 March 21, 2024
graphviz vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro) - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Graphviz could be made to crash if it opened a specially crafted config6a file.
Software Description: - graphviz: rich set of graph drawing tools
Details:
It was discovered that Graphviz incorrectly handled certain config6a files. An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro): graphviz 2.42.2-6ubuntu0.1~esm1
Ubuntu 20.04 LTS (Available with Ubuntu Pro): graphviz 2.42.2-3ubuntu0.1~esm2
Ubuntu 18.04 LTS (Available with Ubuntu Pro): graphviz 2.40.1-2ubuntu0.1~esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): graphviz 2.38.0-12ubuntu2.1+esm2
Ubuntu 14.04 LTS (Available with Ubuntu Pro): graphviz 2.36.0-0ubuntu3.2+esm2
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6708-1 CVE-2023-46045
--------------MgsElOibcHiVC4HTyCbo3ZSS--
--------------ZwTnPIc2o0ZX2WM9yqvXA4Ex Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmX9gOYFAwAAAAAACgkQC+du+fOjiEyX 3gv+Nz1LRsHFBNv1sPA0c0fTcGb7g57GphenhwUf7mD5szGCta93dTaHCpmI1PTlKfdpt5TSNp6c MQL3xhc6ysDw9DT5hR+K+Pc1Ia1Hc8O4bCRAN/ivcYbsgQPgcbTiNSjL160xckMtxq6nm0BEFfFw dUGmboW5fllIi+LFYa/a6901RXW7m37f5dvI6q21hktjBzF//QsMrFs3m25UQ5OdO8MXjZCF2YHq IL47CDoE4X/NlPVgI5sZJqrTr/045Ywo6KJrs39WWb4ZcH6ClN5Eip+UOmpKL5hNYCgYYd3s7O4O jgaA9ePIPjahFHSKNcRdvchPb399lYzv+9/2+/QVJFGL2WmpA6MqqZy15kWWIoHtJzsvq4MR9FPr /uTMiDdzH2AvYG3DOoa3ier6gnllZ0u9s8WJZZkToz0soqKiAFsPqKcpptfYaTWuQzthPtZWCSdw 46ivDTTxdp/5Cj8HbdnNi853CpPIZxNWUHYXkgEWH1ZsWno8uI9hzpWkxSr8 =kvve -----END PGP SIGNATURE-----
--------------ZwTnPIc2o0ZX2WM9yqvXA4Ex--
--===============3743123589201587962== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3743123589201587962==--
|
|
|
|