[ MDVSA-2015:187 ] graphviz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:187
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : graphviz
 Date    : April 1, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated graphviz packages fix security vulnerability:
 
 Format string vulnerability in the yyerror function in
 lib/cgraph/scan.l in Graphviz allows remote attackers to have
 unspecified impact via format string specifiers in unknown vector,
 which are not properly handled in an error string (CVE-2014-9157).
 
 Additionally the gtkglarea2 and gtkglext packages were missing and
 was required for graphviz to build, these packages are also being
 provided with this advisory.
 ________________________________________________________

Leave a Reply