Advisories » MGASA-2014-0027

Updated graphviz packages fix security vulnerabilities

Publication date: 24 Jan 2014
Modification date: 24 Jan 2014
Type: security
Affected Mageia releases: 3
CVE: CVE-2014-0978, CVE-2014-1236

Description

Updated graphviz packages fix security vulnerabilities:

Multiple buffer overflow vulnerabilities were found in graphviz: an error
within the "yyerror()" function (lib/cgraph/scan.l) can be exploited to cause
a stack-based buffer overflow via a specially crafted file (CVE-2014-0978),
and a regular expression matched against user input accepts an arbitrarily
long digit list (CVE-2014-1236).

References

SRPMS

3/core