Amazon Linux AMI : graphviz (ALAS-2014-296)
Critical Nessus Plugin ID 72944
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionStack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a 'badly formed number' and a 'long digit list.'
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
Graphviz was recently reported to be affected by a buffer overflow vulnerability, which seem to have introduced in the fix for CVE-2014-0978 .
SolutionRun 'yum update graphviz' to update your system.