
Security vulnerabilities in the graphviz software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2083-1
January 16, 2014

graphviz vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 13.04
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Graphviz could be made to crash or run programs as your login if it opened
a specially crafted file.

Software Description:
– graphviz: rich set of graph drawing tools

Details:

It was discovered that Graphviz incorrectly handled memory in the yyerror
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-0978, CVE-2014-1235)

It was discovered that Graphviz incorrectly handled memory in the chkNum
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-1236)

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
graphviz 2.26.3-15ubuntu4.1

Ubuntu 13.04:
graphviz 2.26.3-14ubuntu1.1

Ubuntu 12.10:
graphviz 2.26.3-12ubuntu1.1

Ubuntu 12.04 LTS:
graphviz 2.26.3-10ubuntu1.1

Ubuntu 10.04 LTS:
graphviz 2.20.2-8ubuntu3.1

In general, a standard system update will make all the necessary changes.
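
To audit a package inventory against the fixed versions listed above, the following added example (not part of the Ubuntu notice) compares an installed graphviz version with the fixed build for its release, using Debian version ordering. The function names and the sample version in the final line are constructed for illustration.

```python
import re

# Fixed versions, copied from the "Update instructions" section of USN-2083-1.
FIXED = {
    "13.10": "2.26.3-15ubuntu4.1", "13.04": "2.26.3-14ubuntu1.1",
    "12.10": "2.26.3-12ubuntu1.1", "12.04": "2.26.3-10ubuntu1.1",
    "10.04": "2.20.2-8ubuntu3.1",
}

def _order(c):
    # dpkg order inside a non-digit run: '~' < end of run < letters < other symbols
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (ranked by _order) with digit runs (compared as integers).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        n = max(len(na), len(nb))
        ka, kb = ([_order(s[i:i + 1]) for i in range(n)] for s in (na, nb))
        if ka != kb:
            return -1 if ka < kb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch or revision counts as 0
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    # Returns -1, 0 or 1: epoch first, then upstream version, then revision
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def status(release, installed):
    # release: Ubuntu version string such as "12.04"; installed: graphviz package version
    if release not in FIXED:
        return "not-listed"
    return "vulnerable" if deb_cmp(installed, FIXED[release]) < 0 else "patched"

if __name__ == "__main__":
    print(status("13.10", "2.26.3-15ubuntu4"))  # constructed installed version
```

On a single host, `dpkg --compare-versions` performs the same comparison against the version reported by `dpkg-query -W graphviz`.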

References:
http://www.ubuntu.com/usn/usn-2083-1
CVE-2014-0978, CVE-2014-1235, CVE-2014-1236

Package Information:
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-15ubuntu4.1
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-14ubuntu1.1
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-12ubuntu1.1
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-10ubuntu1.1
https://launchpad.net/ubuntu/+source/graphviz/2.20.2-8ubuntu3.1


Author: Marko Stanec
CERT ID: NCERT-REF-2014-01-0019-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/