Mandriva Linux Security Advisory : graphviz (MDVSA-2014:248)
high Nessus Plugin ID 79993
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Updated graphviz packages fix security vulnerability :Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157).
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 79993
File Name: mandriva_MDVSA-2014-248.nasl
Version: 1.5
Type: local
Family: Mandriva Local Security Checks
Published: 12/15/2014
Updated: 1/6/2021
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:ND/RL:OF/RC:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:graphviz, p-cpe:/a:mandriva:linux:graphviz-doc, p-cpe:/a:mandriva:linux:java-graphviz, p-cpe:/a:mandriva:linux:lib64cdt5, p-cpe:/a:mandriva:linux:lib64cgraph6, p-cpe:/a:mandriva:linux:lib64graph5, p-cpe:/a:mandriva:linux:lib64graphviz-devel, p-cpe:/a:mandriva:linux:lib64graphviz-static-devel, p-cpe:/a:mandriva:linux:lib64gvc6, p-cpe:/a:mandriva:linux:lib64gvpr2, p-cpe:/a:mandriva:linux:lib64pathplan4, p-cpe:/a:mandriva:linux:lib64xdot4, p-cpe:/a:mandriva:linux:lua-graphviz, p-cpe:/a:mandriva:linux:ocaml-graphviz, p-cpe:/a:mandriva:linux:perl-graphviz, p-cpe:/a:mandriva:linux:php-graphviz, p-cpe:/a:mandriva:linux:python-graphviz, p-cpe:/a:mandriva:linux:ruby-graphviz, p-cpe:/a:mandriva:linux:tcl-graphviz, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/14/2014
Reference Information
CVE: CVE-2014-9157
BID: 71283
MDVSA: 2014:248