Updated graphviz packages fix security vulnerabilities
Publication date: 24 Jan 2014Modification date: 24 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0978 , CVE-2014-1236
Description
Updated graphviz packages fix security vulnerabilities: Multiple buffer overflow vulnerabilities in graphviz due to an error within the "yyerror()" function (lib/cgraph/scan.l) which can be exploited to cause a stack-based buffer overflow via a specially crafted file (CVE-2014-0978) and the acceptance of an arbitrarily long digit list by a regular expression matched against user input (CVE-2014-1236).
References
SRPMS
3/core
- graphviz-2.28.0-11.1.mga3