-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:187
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : graphviz
 Date    : April 1, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated graphviz packages fix a security vulnerability:

 Format string vulnerability in the yyerror function in
 lib/cgraph/scan.l in Graphviz allows remote attackers to have
 unspecified impact via format string specifiers in unknown vectors,
 which are not properly handled in an error string (CVE-2014-9157).

 Additionally, the gtkglarea2 and gtkglext packages were missing and
 were required for graphviz to build; these packages are also being
 provided with this advisory.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
 http://advisories.mageia.org/MGASA-2014-0520.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 9bafda1801998f26c9de8715a5b4f229  mbs2/x86_64/graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 69d0e786218156bda6ce3ae386ce7ece  mbs2/x86_64/java-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 970a121e1ad3396d744b729ccf0ae80c  mbs2/x86_64/lib64cdt5-2.34.0-7.1.mbs2.x86_64.rpm
 2defc0a9c1b055d4c8aeddbb30d29212  mbs2/x86_64/lib64cgraph6-2.34.0-7.1.mbs2.x86_64.rpm
 517a130b8db8d596acc58c67889bbb2a  mbs2/x86_64/lib64graphviz-devel-2.34.0-7.1.mbs2.x86_64.rpm
 b622bf72651687ff76529d5c79416057  mbs2/x86_64/lib64gtkgl2.0_1-2.0.1-6.mbs2.x86_64.rpm
 e697fb1ccf65f78abed726a76baa8bd3  mbs2/x86_64/lib64gtkgl-devel-2.0.1-6.mbs2.x86_64.rpm
 3c736ee01ead6eca0ee34dd4144c5bcb  mbs2/x86_64/lib64gtkglext-1.0_0-1.2.0-17.mbs2.x86_64.rpm
 ad99471421e44c95c0e88520eabf6368  mbs2/x86_64/lib64gtkglext-devel-1.2.0-17.mbs2.x86_64.rpm
 2a6b3ed54c0bbf4ce7657a7295baf5af  mbs2/x86_64/lib64gvc6-2.34.0-7.1.mbs2.x86_64.rpm
 affcfec0d5c47c4d7f40b6433afb9e3a  mbs2/x86_64/lib64gvpr2-2.34.0-7.1.mbs2.x86_64.rpm
 b3d9803dc5be936b4977fcd07fd8c286  mbs2/x86_64/lib64pathplan4-2.34.0-7.1.mbs2.x86_64.rpm
 281a1f3ecbcc2936040a964884a022a9  mbs2/x86_64/lib64xdot4-2.34.0-7.1.mbs2.x86_64.rpm
 ce23e49e1b648587fe6b7ea091b1dce8  mbs2/x86_64/lua-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 ada3a4bc05689b2e99ffedb93adf3376  mbs2/x86_64/ocaml-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 a53d3cefebcaaccd64733ecd44b5acc7  mbs2/x86_64/perl-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 acfac83dc5cfe4e6dd36d8d93833424e  mbs2/x86_64/php-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 908183bccda9074dd050d2db15ec3aea  mbs2/x86_64/python-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 5310a33b0b1366631f627314264eee6a  mbs2/x86_64/ruby-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 ed47d6081c39dfa6ca44aabb09c6b44e  mbs2/x86_64/tcl-graphviz-2.34.0-7.1.mbs2.x86_64.rpm
 6c1cbbd3de624c944dc68d353d9eda8d  mbs2/SRPMS/graphviz-2.34.0-7.1.mbs2.src.rpm
 c59bd68ec8a4cbc245c931cc066f2b08  mbs2/SRPMS/gtkglarea2-2.0.1-6.mbs2.src.rpm
 493dd7182d4bfc70d0844ecd5fdd8cfc  mbs2/SRPMS/gtkglext-1.2.0-17.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVHOFhmqjQ0CJFipgRAp3wAKC/nwsWD2XGCGzHzr43aX2s2WtZXgCfUYv1
tJI66Kv6DodNHXOLJHD0Iag=
=x1Q3
-----END PGP SIGNATURE-----
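
The flaw class named in the problem description, an error string built from parsed input and then handed to a printf-style function as the format, is shown here beside its corrected form. This is an added illustration, not Graphviz's code or the patch shipped in these packages; `log_error`, `parse_error_unsafe`, `parse_error_safe` and the sample file name and token are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a library error reporter with a printf-style
 * signature; it formats into a buffer so the result can be inspected. */
static char last_error[256];

static void log_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the message embeds text taken from the input being
 * parsed and is then passed as the format string itself, so any '%'
 * sequence in that input is interpreted by the formatter. */
const char *parse_error_unsafe(const char *file, int line, const char *token)
{
    char buf[200];
    snprintf(buf, sizeof buf, "%s:%d: syntax error near '%s'", file, line, token);
    log_error(buf);                 /* input-derived text used as format */
    return last_error;
}

/* Corrected pattern: constant format, message passed as an argument. */
const char *parse_error_safe(const char *file, int line, const char *token)
{
    char buf[200];
    snprintf(buf, sizeof buf, "%s:%d: syntax error near '%s'", file, line, token);
    log_error("%s", buf);           /* message is data, never a format */
    return last_error;
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so the flawed call stays
     * well defined while still showing the text was parsed as a format. */
    const char *token = "100%%";
    printf("unsafe: %s\n", parse_error_unsafe("g.dot", 3, token));
    printf("safe:   %s\n", parse_error_safe("g.dot", 3, token));
    return strstr(last_error, token) ? 0 : 1;  /* safe output keeps the token */
}
```

Declaring a reporter like `log_error` with the GCC/Clang `format(printf, 1, 2)` attribute lets `-Wformat-security` flag the first call pattern at compile time.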