Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Gentoo: GLSA-201702-06 Normal Severity: Graphviz Multiple Threats

gentoo
Calendar Grey February 11, 2017
Dist Gentoo Esm H88
Uncover several security weaknesses in Graphviz impacting Gentoo installations, along with detailed steps for updating to boost security.
Multiple vulnerabilities have been found in Graphviz and the extent of these vulnerabilities are unspecified.

Summary

Multiple vulnerabilities in Graphviz were discovered. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory gentoo remote attack software issue multiple threats graphviz normal severity

Resolution

All Graphviz users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.36.0"

References

[ 1 ] CVE-2014-0978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0978 [ 2 ] CVE-2014-1235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1235 [ 3 ] CVE-2014-1236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1236

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201702-06
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: Graphviz: Multiple vulnerabilities
Date: February 10, 2017
Bugs: #497274
ID: 201702-06

Topics%20covered

Topics Covered

security advisory gentoo remote attack software issue multiple threats graphviz normal severity

Synopsis

Multiple vulnerabilities have been found in Graphviz and the extent of these vulnerabilities are unspecified.

Background

Graphviz is an open source graph visualization software.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/graphviz < 2.36.0 >= 2.36.0

Impact

===== A remote attacker, able to control input matched against a regular expression or by enticing a user to process a specially crafted file, could cause unspecified impacts.

Workaround

There is no known workaround at this time.

Related News

Your message here