Advisories » MGASA-2014-0520

Updated graphviz packages fix CVE-2014-9157

Publication date: 09 Dec 2014
Modification date: 09 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9157

Description

Updated graphviz packages fix security vulnerability:

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in
Graphviz allows remote attackers to have unspecified impact via format string
specifiers in unknown vector, which are not properly handled in an error
string (CVE-2014-9157).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14756
• https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145217.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157

SRPMS

4/core

• graphviz-2.34.0-6.1.mga4