Nom du paquet
graphviz
Date
2014-01-24
Advisory ID
MDVSA-2014:024
Affected versions
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problem description

Updated graphviz packages fix security vulnerabilities:

Multiple buffer overflow vulnerabilities in graphviz due to an
error within the yyerror() function (lib/cgraph/scan.l) which can
be exploited to cause a stack-based buffer overflow via a specially
crafted file (CVE-2014-0978) and the acceptance of an arbitrarily
long digit list by a regular expression matched against user input
(CVE-2014-1236).

A build problem was discovered and fixed in swig while building
graphviz for Business Server 1, related to the new php-5.5.x version as
of the MDVSA-2014:014 advisory. Fixed swig packages is being provided
with this advisory as well.

Updated packages

MES5 i586

 2a18726d58e94c853368f61b74985621  mes5/i586/graphviz-2.20.2-3.2mdvmes5.2.i586.rpm
 86576d993d8eb8d9d3cc3275fc59d05c  mes5/i586/graphviz-doc-2.20.2-3.2mdvmes5.2.i586.rpm
 9445dda34d27a127ab061e8ce46c33e7  mes5/i586/libgraphviz4-2.20.2-3.2mdvmes5.2.i586.rpm
 17c580271cff60dd67812a76538b68f2  mes5/i586/libgraphviz-devel-2.20.2-3.2mdvmes5.2.i586.rpm
 120f0bd74e4dba0c0b5828fd36114922  mes5/i586/libgraphvizlua0-2.20.2-3.2mdvmes5.2.i586.rpm
 d2b1ce303b17c855ba9b1e0f36e63c27  mes5/i586/libgraphvizocaml0-2.20.2-3.2mdvmes5.2.i586.rpm
 cc601eb1d97d5eed0207ad65fd684c14  mes5/i586/libgraphvizperl0-2.20.2-3.2mdvmes5.2.i586.rpm
 901ab5b43b485b3b84400bc12c66a737  mes5/i586/libgraphvizphp0-2.20.2-3.2mdvmes5.2.i586.rpm
 68471acd054c298d9b518962d8c0c82a  mes5/i586/libgraphvizpython0-2.20.2-3.2mdvmes5.2.i586.rpm
 efec65a3e46b17d91f56c92422da62b5  mes5/i586/libgraphvizr0-2.20.2-3.2mdvmes5.2.i586.rpm
 a68d0aaefb900d581373ad90007dbf5b  mes5/i586/libgraphvizruby0-2.20.2-3.2mdvmes5.2.i586.rpm
 13efe709f3cc9dfe77f95d9617feb61b  mes5/i586/libgraphviz-static-devel-2.20.2-3.2mdvmes5.2.i586.rpm
 7c6ffe31b97e59ed5658c98ef82a1a6d  mes5/i586/libgraphviztcl0-2.20.2-3.2mdvmes5.2.i586.rpm 
 17ca784b83a219d225db1331ac69e9f1  mes5/SRPMS/graphviz-2.20.2-3.2mdvmes5.2.src.rpm

MBS1 x86_64

 c4a2b0a3bc7bece8cd82a3f2bf33b9ec  mbs1/x86_64/graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 38a95799fa68b8ac74aab2d378fdff0d  mbs1/x86_64/graphviz-doc-2.28.0-6.1.mbs1.noarch.rpm
 7844c839811ddb469b51f25569ed21df  mbs1/x86_64/java-graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 f0330cca4194aba5f235ec40be9e06a6  mbs1/x86_64/lib64cdt5-2.28.0-6.1.mbs1.x86_64.rpm
 beea5b9f76b6a46c5a930a2bbbe73ef8  mbs1/x86_64/lib64cgraph6-2.28.0-6.1.mbs1.x86_64.rpm
 f9bce656a8a26190a01d935ad82f47fd  mbs1/x86_64/lib64graph5-2.28.0-6.1.mbs1.x86_64.rpm
 f6c7bbd2b7580701743b9b9df646ce00  mbs1/x86_64/lib64graphviz-devel-2.28.0-6.1.mbs1.x86_64.rpm
 5992fe4c4ac3523f5687f691951bab67  mbs1/x86_64/lib64graphviz-static-devel-2.28.0-6.1.mbs1.x86_64.rpm
 dd603bae4c8540bc80390e58104dd568  mbs1/x86_64/lib64gvc6-2.28.0-6.1.mbs1.x86_64.rpm
 1f3ac007dd967212210a49a606a5d599  mbs1/x86_64/lib64gvpr2-2.28.0-6.1.mbs1.x86_64.rpm
 0f152246430a424db26f1fa0d772556e  mbs1/x86_64/lib64pathplan4-2.28.0-6.1.mbs1.x86_64.rpm
 33cea7ad1a9cb603e8d3d361f34af188  mbs1/x86_64/lib64xdot4-2.28.0-6.1.mbs1.x86_64.rpm
 79bb1872f74ff1825becb063b202d526  mbs1/x86_64/lua-graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 c2f5d1e77e5e663b33e5a34e28037dfb  mbs1/x86_64/ocaml-graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 cecbc7bd9a8a76cce221b395a7af9b28  mbs1/x86_64/perl-graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 5eb2b87e00dab8b5721181230cad121a  mbs1/x86_64/php-graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 d23e5e65d6b13c3a1df438a85969bc40  mbs1/x86_64/python-graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 e9c24b78474573fbf81978d310cae19f  mbs1/x86_64/ruby-graphviz-2.28.0-6.1.mbs1.x86_64.rpm
 9ad6503244d2d2b4714b1eed1701dbe0  mbs1/x86_64/swig-2.0.4-3.1.mbs1.x86_64.rpm
 08d95c34769002e720389c90acdf8266  mbs1/x86_64/swig-doc-2.0.4-3.1.mbs1.noarch.rpm
 0a1616edc56cdf37d172ccd7c4104171  mbs1/x86_64/tcl-graphviz-2.28.0-6.1.mbs1.x86_64.rpm 
 fe836234b265f655322cf3d3003e9c0a  mbs1/SRPMS/graphviz-2.28.0-6.1.mbs1.src.rpm
 41904d36e1861ad361d3f9903ad16265  mbs1/SRPMS/swig-2.0.4-3.1.mbs1.src.rpm

MES5 x86_64

 fc261681ba0e67ae9dd5ab13e3b5595d  mes5/x86_64/graphviz-2.20.2-3.2mdvmes5.2.x86_64.rpm
 3af864974719f5e7119d96246e7496e5  mes5/x86_64/graphviz-doc-2.20.2-3.2mdvmes5.2.x86_64.rpm
 b3f45e5ba5980d9eaba89d38ab552e87  mes5/x86_64/lib64graphviz4-2.20.2-3.2mdvmes5.2.x86_64.rpm
 a0a671a56a1215ce1429062f7362d763  mes5/x86_64/lib64graphviz-devel-2.20.2-3.2mdvmes5.2.x86_64.rpm
 b1beabec6196ab963f990d1f95d59415  mes5/x86_64/lib64graphvizlua0-2.20.2-3.2mdvmes5.2.x86_64.rpm
 fadbd28da4026a41d38e7e95b953867e  mes5/x86_64/lib64graphvizocaml0-2.20.2-3.2mdvmes5.2.x86_64.rpm
 45399effafea89c1255ac03004591005  mes5/x86_64/lib64graphvizperl0-2.20.2-3.2mdvmes5.2.x86_64.rpm
 97ebf63c09b7b6dacace0b14d5e03530  mes5/x86_64/lib64graphvizphp0-2.20.2-3.2mdvmes5.2.x86_64.rpm
 bb3a68ba425490db3d8dd5ef6e4938d7  mes5/x86_64/lib64graphvizpython0-2.20.2-3.2mdvmes5.2.x86_64.rpm
 6cc193e79ac549b18ddc2b90b2aac175  mes5/x86_64/lib64graphvizr0-2.20.2-3.2mdvmes5.2.x86_64.rpm
 d8fc40ea3f32a4cbea5df1b788b216a3  mes5/x86_64/lib64graphvizruby0-2.20.2-3.2mdvmes5.2.x86_64.rpm
 43c70bfc1265ab90359d7c2384e093d1  mes5/x86_64/lib64graphviz-static-devel-2.20.2-3.2mdvmes5.2.x86_64.rpm
 2f8a47d9bfacac7f54db914485f64b9b  mes5/x86_64/lib64graphviztcl0-2.20.2-3.2mdvmes5.2.x86_64.rpm 
 17ca784b83a219d225db1331ac69e9f1  mes5/SRPMS/graphviz-2.20.2-3.2mdvmes5.2.src.rpm

References