You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa graphviz

Sigurnosni nedostaci programskog paketa graphviz

==========================================================================
Ubuntu Security Notice USN-2083-1
January 16, 2014

graphviz vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 13.04
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Graphviz could be made to crash or run programs as your login if it opened
a specially crafted file.

Software Description:
– graphviz: rich set of graph drawing tools

Details:

It was discovered that Graphviz incorrectly handled memory in the yyerror
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-0978, CVE-2014-1235)

It was discovered that Graphviz incorrectly handled memory in the chkNum
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-1236)

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
graphviz 2.26.3-15ubuntu4.1

Ubuntu 13.04:
graphviz 2.26.3-14ubuntu1.1

Ubuntu 12.10:
graphviz 2.26.3-12ubuntu1.1

Ubuntu 12.04 LTS:
graphviz 2.26.3-10ubuntu1.1

Ubuntu 10.04 LTS:
graphviz 2.20.2-8ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2083-1
CVE-2014-0978, CVE-2014-1235, CVE-2014-1236

Package Information:
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-15ubuntu4.1
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-14ubuntu1.1
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-12ubuntu1.1
https://launchpad.net/ubuntu/+source/graphviz/2.26.3-10ubuntu1.1
https://launchpad.net/ubuntu/+source/graphviz/2.20.2-8ubuntu3.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJS19++AAoJEGVp2FWnRL6T7oMP/0cHOmhl0A+NZ2fjO6vB5ATS
rdHBH7XHp3N4PenM72AnCdmOfhTz0DiM2cSFZi28tDqpjmoKI6hUNttKdhAgDm66
Ggi24YmtxaBEGvKzuIBkGoR9Dd6ZqAV7vZEPjvqGm7ZywBH0XI/i6jPgqhTsvr0O
+HCiGDCcIsJGGyOB4GGl9yhsWbL7osx70SICVIGLKyn7Cs7GFtCE7GxFWivhiF/d
7Jhnpw2fRu49s+2jGdLej84JFnIROR17zxgA7xt4eSYCr78njKR0nKNl6fnPvPNm
1Qb6h7aKGYubFBLZ7N2BBwQCeM7GoviX6OKYHDANyKL3TxCv8gJ7ypaYN5qiBfmh
/BeDZDk4nR5UzXCW7pAkN8IjAL4vOr229X88xSdmSXXu8D83AnCZYukJKGUYY8Xj
9Y4T+CtKWw3EWQFqWztEE34twXUL4eVjbtO7CjGmeZJdVk9Da6Bq6ru9JGJCFG1b
4Y/3ZLFwHwVdSzAbZqDqN0/RI1c6yy4qZ3+HRmnBhCXU4/FyQVb7VMBiuzWPGCdA
hsx/ObEkukkcaNZtJmq4mJAc/Pnk+RndRxpUR4JDeT4cez9QulAvJeYfQO2PIKf+
h7w3S3u7sTnP8MTxy6BomPflZ5nLcaAYAtNTYqNkUAUpRn5P08aRtV5BLh4tvRJX
9yNZ5Oe84fr0VgzEG5Ms
=MZoQ
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Drupal

Otkriveni su sigurnosni nedostaci u programskom paketu Drupal. Otkriveni nedostaci se javljaju u modulima OpenID i Taxonomy, te u komponenti...

Close