Mandriva Linux Security Advisory : graphviz (MDVSA-2015:187)
High Nessus Plugin ID 82558
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated graphviz packages fix security vulnerability :
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157).
Additionally the gtkglarea2 and gtkglext packages were missing and was required for graphviz to build, these packages are also being provided with this advisory.
SolutionUpdate the affected packages.