Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:254-1 (graphviz)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.66419

Kategorie: Mandrake Local Security Checks

Titel: Mandriva Security Advisory MDVSA-2009:254-1 (graphviz)

Zusammenfassung: The remote host is missing an update to graphviz;announced via advisory MDVSA-2009:254-1.

Beschreibung: Summary:
The remote host is missing an update to graphviz
announced via advisory MDVSA-2009:254-1.

Vulnerability Insight:
A vulnerability was discovered and corrected in graphviz:

Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
allows user-assisted remote attackers to cause a denial of service
(memory corruption) or execute arbitrary code via a DOT file with a
large number of Agraph_t elements (CVE-2008-4555).

This update provides a fix for this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-4555
BugTraq ID: 31648
http://www.securityfocus.com/bid/31648
Bugtraq: 20081008 Advisory: Graphviz Buffer Overflow Code Execution (Google Search)
http://www.securityfocus.com/archive/1/497150/100/0/threaded
http://security.gentoo.org/glsa/glsa-200811-04.xml
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html
http://secunia.com/advisories/32186
http://secunia.com/advisories/32656
http://securityreason.com/securityalert/4409
SuSE Security Announcement: SUSE-SR:2008:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
XForce ISS Database: graphviz-pushsubg-bo(45765)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45765

Copyright Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.66419
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2009:254-1 (graphviz)
Zusammenfassung:	The remote host is missing an update to graphviz;announced via advisory MDVSA-2009:254-1.
Beschreibung:	Summary: The remote host is missing an update to graphviz announced via advisory MDVSA-2009:254-1. Vulnerability Insight: A vulnerability was discovered and corrected in graphviz: Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements (CVE-2008-4555). This update provides a fix for this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4555 BugTraq ID: 31648 http://www.securityfocus.com/bid/31648 Bugtraq: 20081008 Advisory: Graphviz Buffer Overflow Code Execution (Google Search) http://www.securityfocus.com/archive/1/497150/100/0/threaded http://security.gentoo.org/glsa/glsa-200811-04.xml http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html http://secunia.com/advisories/32186 http://secunia.com/advisories/32656 http://securityreason.com/securityalert/4409 SuSE Security Announcement: SUSE-SR:2008:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html XForce ISS Database: graphviz-pushsubg-bo(45765) https://exchange.xforce.ibmcloud.com/vulnerabilities/45765
Copyright	Copyright (C) 2009 E-Soft Inc.