Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian 8: DLA-1597-1 Critical: gnuplot Code Execution Overflow

debian lts
Calendar Grey November 26, 2018
Dist Debian Esm H88
Major patch released for gnuplot addressing several buffer overflow vulnerabilities that could permit arbitrary code execution. Users are encouraged to upgrade promptly.
gnuplot, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars

Summary

Due to special toolchain hardening in Debian, CVE-2018-19492 is not
security relevant, but it is a bug and the patch was applied for the sake
of completeness. Probably some downstream project does not have the same
toolchain settings.


For Debian 8 "Jessie", these problems have been fixed in version
4.6.6-2+deb8u1.

We recommend that you upgrade your gnuplot packages.



Severity
critical
Lowest
Low
Medium
High
Critical

Package: gnuplot
Version: 4.6.6-2+deb8u1
CVE ID: CVE-2018-19490 CVE-2018-19491 CVE-2018-19492

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.