Mandriva Linux Security Advisory : graphviz (MDVSA-2014:024)
Critical Nessus Plugin ID 72136
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Updated graphviz packages fix security vulnerabilities:
Multiple buffer overflow vulnerabilities exist in graphviz: an error within the yyerror() function (lib/cgraph/scan.l) can be exploited to cause a stack-based buffer overflow via a specially crafted file (CVE-2014-0978), and a regular expression matched against user input accepts an arbitrarily long digit list (CVE-2014-1236).
A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages are being provided with this advisory as well.
Solution
Update the affected packages.