[gentoo-announce] [ GLSA 201702-06 ] Graphviz: Multiple vulnerabilities - gentoo-announce

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201702-06 ] Graphviz: Multiple vulnerabilities
Date:	Fri, 10 Feb 2017 23:22:16
Message-Id:	`a9af5d58-222b-6b6c-8557-f594d8d14d9f@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201702-06

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Graphviz: Multiple vulnerabilities

9

     Date: February 10, 2017

10

     Bugs: #497274

11

       ID: 201702-06

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Graphviz and the extent of

19

these vulnerabilities are unspecified.

20

21

Background

22

==========

23

24

Graphviz is an open source graph visualization software.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  media-gfx/graphviz           < 2.36.0                  >= 2.36.0

33

34

Description

35

===========

36

37

Multiple vulnerabilities in Graphviz were discovered. Please review the

38

CVE identifiers referenced below for details.

39

40

Impact

41

======

42

43

A remote attacker, able to control input matched against a regular

44

expression or by enticing a user to process a specially crafted file,

45

could cause unspecified impacts.

46

47

Workaround

48

==========

49

50

There is no known workaround at this time.

51

52

Resolution

53

==========

54

55

All Graphviz users should upgrade to the latest version:

56

57

  # emerge --sync

58

  # emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.36.0"

59

60

References

61

==========

62

63

[ 1 ] CVE-2014-0978

64

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0978

65

[ 2 ] CVE-2014-1235

66

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1235

67

[ 3 ] CVE-2014-1236

68

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1236

69

70

Availability

71

============

72

73

This GLSA and any updates to it are available for viewing at

74

the Gentoo Security Website:

75

76

 https://security.gentoo.org/glsa/201702-06

77

78

Concerns?

79

=========

80

81

Security is a primary focus of Gentoo Linux and ensuring the

82

confidentiality and security of our users' machines is of utmost

83

importance to us. Any security concerns should be addressed to

84

security@g.o or alternatively, you may file a bug at

85

https://bugs.gentoo.org.

86

87

License

88

=======

89

90

Copyright 2017 Gentoo Foundation, Inc; referenced text

91

belongs to its owner(s).

92

93

The contents of this document are licensed under the

94

Creative Commons - Attribution / Share Alike license.

95

96

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201702-06
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Graphviz: Multiple vulnerabilities
9	Date: February 10, 2017
10	Bugs: #497274
11	ID: 201702-06
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Graphviz and the extent of
19	these vulnerabilities are unspecified.
20
21	Background
22	==========
23
24	Graphviz is an open source graph visualization software.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 media-gfx/graphviz < 2.36.0 >= 2.36.0
33
34	Description
35	===========
36
37	Multiple vulnerabilities in Graphviz were discovered. Please review the
38	CVE identifiers referenced below for details.
39
40	Impact
41	======
42
43	A remote attacker, able to control input matched against a regular
44	expression or by enticing a user to process a specially crafted file,
45	could cause unspecified impacts.
46
47	Workaround
48	==========
49
50	There is no known workaround at this time.
51
52	Resolution
53	==========
54
55	All Graphviz users should upgrade to the latest version:
56
57	# emerge --sync
58	# emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.36.0"
59
60	References
61	==========
62
63	[ 1 ] CVE-2014-0978
64	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0978
65	[ 2 ] CVE-2014-1235
66	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1235
67	[ 3 ] CVE-2014-1236
68	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1236
69
70	Availability
71	============
72
73	This GLSA and any updates to it are available for viewing at
74	the Gentoo Security Website:
75
76	https://security.gentoo.org/glsa/201702-06
77
78	Concerns?
79	=========
80
81	Security is a primary focus of Gentoo Linux and ensuring the
82	confidentiality and security of our users' machines is of utmost
83	importance to us. Any security concerns should be addressed to
84	security@g.o or alternatively, you may file a bug at
85	https://bugs.gentoo.org.
86
87	License
88	=======
89
90	Copyright 2017 Gentoo Foundation, Inc; referenced text
91	belongs to its owner(s).
92
93	The contents of this document are licensed under the
94	Creative Commons - Attribution / Share Alike license.
95
96	http://creativecommons.org/licenses/by-sa/2.5