Advisories ยป MGASA-2014-0520

Updated graphviz packages fix CVE-2014-9157

Publication date: 09 Dec 2014
Modification date: 09 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9157

Description

Updated graphviz packages fix security vulnerability:

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in
Graphviz allows remote attackers to have unspecified impact via format string
specifiers in unknown vector, which are not properly handled in an error
string (CVE-2014-9157).
                

References

SRPMS

4/core