Detections
Analytics

Mandriva Linux Security Advisory : graphviz (MDVSA-2015:187)

high Nessus Plugin ID 82558

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated graphviz packages fix security vulnerability :

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157).

Additionally the gtkglarea2 and gtkglext packages were missing and was required for graphviz to build, these packages are also being provided with this advisory.

Solution

Update the affected packages.

See Also

http://advisories.mageia.org/MGASA-2014-0520.html

Plugin Details

Severity: High

ID: 82558

File Name: mandriva_MDVSA-2015-187.nasl

Version: 1.4

Type: local

Published: 4/3/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ocaml-graphviz, p-cpe:/a:mandriva:linux:ruby-graphviz, p-cpe:/a:mandriva:linux:lib64gtkgl2.0_1, p-cpe:/a:mandriva:linux:java-graphviz, p-cpe:/a:mandriva:linux:graphviz, p-cpe:/a:mandriva:linux:perl-graphviz, p-cpe:/a:mandriva:linux:lib64pathplan4, p-cpe:/a:mandriva:linux:lib64gtkgl-devel, p-cpe:/a:mandriva:linux:lib64graphviz-devel, p-cpe:/a:mandriva:linux:lib64xdot4, p-cpe:/a:mandriva:linux:lua-graphviz, p-cpe:/a:mandriva:linux:lib64gtkglext-devel, p-cpe:/a:mandriva:linux:php-graphviz, cpe:/o:mandriva:business_server:2, p-cpe:/a:mandriva:linux:tcl-graphviz, p-cpe:/a:mandriva:linux:lib64cdt5, p-cpe:/a:mandriva:linux:python-graphviz, p-cpe:/a:mandriva:linux:lib64gtkglext-1.0_0, p-cpe:/a:mandriva:linux:lib64gvc6, p-cpe:/a:mandriva:linux:lib64gvpr2, p-cpe:/a:mandriva:linux:lib64cgraph6

Required KB Items: Host/Mandrake/rpm-list, Host/local_checks_enabled, Host/cpu, Host/Mandrake/release

Patch Publication Date: 4/1/2015

Reference Information

CVE: CVE-2014-9157

MDVSA: 2015:187