-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:248
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : graphviz
 Date    : December 14, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated graphviz packages fix security vulnerability:

 Format string vulnerability in the yyerror function in
 lib/cgraph/scan.l in Graphviz allows remote attackers to have
 unspecified impact via format string specifiers in unknown vector,
 which are not properly handled in an error string (CVE-2014-9157).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
 http://advisories.mageia.org/MGASA-2014-0520.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 3914f2ea0cc964221c07b6b27246fad0  mbs1/x86_64/graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 5853ee99ae3bd2ae77a39ee5fc2b3aec  mbs1/x86_64/graphviz-doc-2.28.0-6.2.mbs1.noarch.rpm
 3e546dc38c33ea1fc6fb88cfdda74421  mbs1/x86_64/java-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 865e9476539dd9aaf8d6dfc9ee21458a  mbs1/x86_64/lib64cdt5-2.28.0-6.2.mbs1.x86_64.rpm
 b0c036687d1ce1e5e097a04811fe86b1  mbs1/x86_64/lib64cgraph6-2.28.0-6.2.mbs1.x86_64.rpm
 a206f4a2af9a68e39e0fd878b0cd15d0  mbs1/x86_64/lib64graph5-2.28.0-6.2.mbs1.x86_64.rpm
 63f512422c8364f59b21b6b3f8699a06  mbs1/x86_64/lib64graphviz-devel-2.28.0-6.2.mbs1.x86_64.rpm
 99d0ef333690abdb5b315c1a08bd9859  mbs1/x86_64/lib64graphviz-static-devel-2.28.0-6.2.mbs1.x86_64.rpm
 ae0e7e1a9553301f5ca95823e94c33f8  mbs1/x86_64/lib64gvc6-2.28.0-6.2.mbs1.x86_64.rpm
 8a7b1e6cf323707b4c33c1658c1a29de  mbs1/x86_64/lib64gvpr2-2.28.0-6.2.mbs1.x86_64.rpm
 696ba1406e68c5b3de15749e4f0e782b  mbs1/x86_64/lib64pathplan4-2.28.0-6.2.mbs1.x86_64.rpm
 c68073de72515035ac978922ec8fa873  mbs1/x86_64/lib64xdot4-2.28.0-6.2.mbs1.x86_64.rpm
 27338fd7e937793c97fb02fdd76828fc  mbs1/x86_64/lua-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 265496551e62b78ffc7bb762b75c3ea2  mbs1/x86_64/ocaml-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 3c76c71d55bae5c89fde5e8cdd5871ae  mbs1/x86_64/perl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 ad084e55bdfa51c4ad3e83853fa155e6  mbs1/x86_64/php-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 27dee6a16934bcf15f78d20ebaa93607  mbs1/x86_64/python-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 ae7e2f8ba356f47776705930554a96ba  mbs1/x86_64/ruby-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 f0a96b284ef58704ce38ea485f2efae7  mbs1/x86_64/tcl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 34624e4bc4febcf4a08933e1a29a097c  mbs1/SRPMS/graphviz-2.28.0-6.2.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUjddumqjQ0CJFipgRAiVYAJ4sWiM8q/sTVXAdPzadDfIQKPx5BwCg5y2D
wmueGlkke8nwFiDHQWCewvw=
=4Qhs
-----END PGP SIGNATURE-----
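
The bug class named in the problem description (input text ending up in the format argument of an error routine), shown as an added illustration in C. This is not Graphviz's code: `report_error`, `build_message`, `report_unsafe` and `report_safe` are hypothetical names, and the constructed sample token uses only `%%`, the one directive that consumes no argument, so the vulnerable call stays well-defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error sink standing in for a parser's error
 * routine. It formats into `out` so the result can be inspected. */
static int report_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Assemble the diagnostic text around input-controlled token text. */
static void build_message(char *msg, size_t msglen, const char *token)
{
    snprintf(msg, msglen, "syntax error near '%s'", token);
}

/* Vulnerable pattern: the assembled message IS the format string, so any
 * '%' sequence that came from the input is parsed as a directive. */
int report_unsafe(char *out, size_t outlen, const char *token)
{
    char msg[256];
    build_message(msg, sizeof msg, token);
    return report_error(out, outlen, msg);
}

/* Hardened pattern: constant format string, message passed as data. */
int report_safe(char *out, size_t outlen, const char *token)
{
    char msg[256];
    build_message(msg, sizeof msg, token);
    return report_error(out, outlen, "%s", msg);
}

int main(void)
{
    const char *token = "label=100%%";   /* constructed sample input */
    char a[256], b[256];
    report_unsafe(a, sizeof a, token);   /* input reinterpreted: one '%' */
    report_safe(b, sizeof b, token);     /* input preserved: both '%'   */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags non-literal format arguments at call sites of functions the compiler knows to be printf-like, which is the usual way to find remaining instances of this pattern after patching.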