[Security Announce] [ MDVSA-2009:254 ] graphviz


 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:254
http://www.mandriva.com/security/
_______________________________________________________________________

Package : graphviz
Date : October 1, 2009
Affected: 2008.1, 2009.0, Corporate 4.0, Enterprise Server 5.0

_______________________________________________________________________

 

Problem Description:

A vulnerability was discovered and corrected in graphviz:

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements (CVE-2008-4555).

This update provides a fix for this vulnerability.

_______________________________________________________________________

 

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555

_______________________________________________________________________

 

Updated Packages:

 


_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team
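
The bug class named in the Problem Description above (a push onto a fixed-size array with no capacity check) is shown here in its checked form. This is an added example, not code from the advisory or from Graphviz; the type and function names and the capacity of 64 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not Graphviz source: the parser tracks every graph
 * element it has opened in a fixed-size array. All names are hypothetical. */
#define SUBG_STACK_MAX 64            /* assumed capacity */
typedef struct { int id; } graph_t;  /* stand-in for Agraph_t */
typedef struct {
    graph_t *slot[SUBG_STACK_MAX];
    size_t   depth;                  /* number of occupied slots */
} subg_stack;

/* Checked push: 0 on success, -1 when the array is full. The unchecked
 * form, slot[depth++] = g with no test, writes past the array as soon as
 * the input supplies more than SUBG_STACK_MAX elements. */
int subg_push(subg_stack *s, graph_t *g)
{
    if (s->depth >= SUBG_STACK_MAX)
        return -1;
    s->slot[s->depth++] = g;
    return 0;
}

/* Checked pop: NULL on underflow instead of reading below slot[0]. */
graph_t *subg_pop(subg_stack *s)
{
    return s->depth ? s->slot[--s->depth] : NULL;
}

/* Feeds n elements, as a parser would while reading an input file, and
 * returns how many were accepted before a push was refused. */
size_t open_elements(subg_stack *s, graph_t *pool, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        pool[i].id = (int)i;
        if (subg_push(s, &pool[i]) != 0)
            break;                   /* the parser would report an error here */
    }
    return i;
}

int main(void)
{
    static graph_t pool[1000];       /* constructed input: 1000 elements */
    subg_stack s = { {0}, 0 };
    size_t ok = open_elements(&s, pool, 1000);
    printf("accepted %zu of 1000, depth %zu\n", ok, s.depth);
    return 0;
}
```
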

 
