Explore top 10 tips to secure your open-source projects now. Read More
×gnuplot5, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. . Package : gnuplot5 Version : 5.0.0~rc+dfsg2-1+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 gnuplot5, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow cases which might lead to the execution of arbitrary code. Due to special toolchain hardening in Debian, CVE-2018-19492 is not security relevant, but it is a bug and the patch was applied for the sake of completeness. Probably some downstream project does not have the same toolchain settings. For Debian 8 "Jessie", these problems have been fixed in version 5.0.0~rc+dfsg2-1+deb8u1. We recommend that you upgrade your gnuplot5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Package : gnuplot5 Version : 5.0.0~rc+dfsg2-1+deb8u1 CVE ID : CVE-2018-19490 CVE-2018-19491 CVE-2018. gnuplot5, command-line, driven, interactive, plotting, program, examined, fuzzing. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.