4.Lock AbstractDigital

Several security vulnerabilities were recently addressed by Canonical in both Graphviz and the Linux kernel of Ubuntu.

Recent discoveries include null pointer dereference vulnerabilities in Graphviz and improper handling of indirect branch prediction isolation between L1 and L2 VMs in the KVM VMX implementation of the Linux kernel.

Graphviz is susceptible to being exploited via a specially crafted input file, which could cause problems like denial of service.

Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and 14.04 ESM are the only versions affected by this issue. The graphviz software was discovered to be a victim of vulnerabilities related to a null pointer dereference.

A buffer overflow vulnerability has also been discovered in graphviz that could lead to arbitrary code execution.