What Are You Looking For?

Sign Up
Date:         Wed, 11 Nov 2009 15:48:53 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Medium: graphviz on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Medium: graphviz security, bug fix, and enhancement update
CVE Names:	CVE-2008-4555

Stack-based buffer overflow in the push_subg function in parser.y 
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, 
allows user-assisted remote attackers to cause a denial of service 
(memory corruption) or execute arbitrary code via a DOT file with a 
large number of Agraph_t elements. (CVE-2008-4555)

Note: graphviz-ocaml is no longer supported in the SL version of 
graphiviz.  This is because ocaml was never included.  If you do have 
graphviz-ocaml installed, you will have to remove it before doing this 
update.

Note: This update is already in SL 5.4

SL 5.x

     SRPMS:
graphviz-2.24.0-1.el5.sl.src.rpm
     i386:
graphviz-2.24.0-1.el5.sl.i386.rpm
graphviz-devel-2.24.0-1.el5.sl.i386.rpm
graphviz-doc-2.24.0-1.el5.sl.i386.rpm
graphviz-gd-2.24.0-1.el5.sl.i386.rpm
graphviz-graphs-2.24.0-1.el5.sl.i386.rpm
graphviz-guile-2.24.0-1.el5.sl.i386.rpm
graphviz-java-2.24.0-1.el5.sl.i386.rpm
graphviz-lua-2.24.0-1.el5.sl.i386.rpm
graphviz-perl-2.24.0-1.el5.sl.i386.rpm
graphviz-php-2.24.0-1.el5.sl.i386.rpm
graphviz-python-2.24.0-1.el5.sl.i386.rpm
graphviz-ruby-2.24.0-1.el5.sl.i386.rpm
graphviz-tcl-2.24.0-1.el5.sl.i386.rpm
lua-5.1.2-1.el5.i386.rpm
lua-devel-5.1.2-1.el5.i386.rpm
     x86_64:
graphviz-2.24.0-1.el5.sl.x86_64.rpm
graphviz-devel-2.24.0-1.el5.sl.x86_64.rpm
graphviz-doc-2.24.0-1.el5.sl.x86_64.rpm
graphviz-gd-2.24.0-1.el5.sl.x86_64.rpm
graphviz-graphs-2.24.0-1.el5.sl.x86_64.rpm
graphviz-guile-2.24.0-1.el5.sl.x86_64.rpm
graphviz-java-2.24.0-1.el5.sl.x86_64.rpm
graphviz-lua-2.24.0-1.el5.sl.x86_64.rpm
graphviz-perl-2.24.0-1.el5.sl.x86_64.rpm
graphviz-php-2.24.0-1.el5.sl.x86_64.rpm
graphviz-python-2.24.0-1.el5.sl.x86_64.rpm
graphviz-ruby-2.24.0-1.el5.sl.x86_64.rpm
graphviz-tcl-2.24.0-1.el5.sl.x86_64.rpm
lua-5.1.2-1.el5.x86_64.rpm
lua-devel-5.1.2-1.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-4555 Medium: graphviz SL5.x i386/x86_64

Medium: graphviz security, bug fix, and enhancement update

Summary

Date:         Wed, 11 Nov 2009 15:48:53 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Medium: graphviz on SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Medium: graphviz security, bug fix, and enhancement updateCVE Names:	CVE-2008-4555Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. (CVE-2008-4555)Note: graphviz-ocaml is no longer supported in the SL version of graphiviz.  This is because ocaml was never included.  If you do have graphviz-ocaml installed, you will have to remove it before doing this update.Note: This update is already in SL 5.4SL 5.x     SRPMS:graphviz-2.24.0-1.el5.sl.src.rpm     i386:graphviz-2.24.0-1.el5.sl.i386.rpmgraphviz-devel-2.24.0-1.el5.sl.i386.rpmgraphviz-doc-2.24.0-1.el5.sl.i386.rpmgraphviz-gd-2.24.0-1.el5.sl.i386.rpmgraphviz-graphs-2.24.0-1.el5.sl.i386.rpmgraphviz-guile-2.24.0-1.el5.sl.i386.rpmgraphviz-java-2.24.0-1.el5.sl.i386.rpmgraphviz-lua-2.24.0-1.el5.sl.i386.rpmgraphviz-perl-2.24.0-1.el5.sl.i386.rpmgraphviz-php-2.24.0-1.el5.sl.i386.rpmgraphviz-python-2.24.0-1.el5.sl.i386.rpmgraphviz-ruby-2.24.0-1.el5.sl.i386.rpmgraphviz-tcl-2.24.0-1.el5.sl.i386.rpmlua-5.1.2-1.el5.i386.rpmlua-devel-5.1.2-1.el5.i386.rpm     x86_64:graphviz-2.24.0-1.el5.sl.x86_64.rpmgraphviz-devel-2.24.0-1.el5.sl.x86_64.rpmgraphviz-doc-2.24.0-1.el5.sl.x86_64.rpmgraphviz-gd-2.24.0-1.el5.sl.x86_64.rpmgraphviz-graphs-2.24.0-1.el5.sl.x86_64.rpmgraphviz-guile-2.24.0-1.el5.sl.x86_64.rpmgraphviz-java-2.24.0-1.el5.sl.x86_64.rpmgraphviz-lua-2.24.0-1.el5.sl.x86_64.rpmgraphviz-perl-2.24.0-1.el5.sl.x86_64.rpmgraphviz-php-2.24.0-1.el5.sl.x86_64.rpmgraphviz-python-2.24.0-1.el5.sl.x86_64.rpmgraphviz-ruby-2.24.0-1.el5.sl.x86_64.rpmgraphviz-tcl-2.24.0-1.el5.sl.x86_64.rpmlua-5.1.2-1.el5.x86_64.rpmlua-devel-5.1.2-1.el5.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo