Scientific Linux Security Update : graphviz on SL5.x i386/x86_64

High Nessus Plugin ID 60694


The remote Scientific Linux host is missing one or more security updates.


Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. (CVE-2008-4555)

Note: graphviz-ocaml is no longer supported in the SL version of graphiviz. This is because ocaml was never included. If you do have graphviz-ocaml installed, you will have to remove it before doing this update.

Note: This update is already in SL 5.4


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 60694

File Name: sl_20091111_graphviz_on_SL5_x.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2012/08/01

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Reference Information

CVE: CVE-2008-4555

CWE: 119