Packages
- graphviz - rich set of graph drawing tools
Details
It was discovered that Graphviz incorrectly handled memory in the yyerror
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-0978, CVE-2014-1235)
It was discovered that Graphviz incorrectly handled memory in the chkNum
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-1236)
The default compiler options for affected releases should reduce the
vulnerability to a denial of service.
It was discovered that Graphviz incorrectly handled memory in the yyerror
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-0978, CVE-2014-1235)
It was discovered that Graphviz incorrectly handled memory in the chkNum
function. If a user were tricked into opening a specially crafted dot file,
an attacker could cause Graphviz to crash, or possibly execute arbitrary
code. (CVE-2014-1236)
The default compiler options for affected releases should reduce the
vulnerability to a denial of service.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 13.10 saucy | graphviz – 2.26.3-15ubuntu4.1 | ||
| 13.04 raring | graphviz – 2.26.3-14ubuntu1.1 | ||
| 12.10 quantal | graphviz – 2.26.3-12ubuntu1.1 | ||
| 12.04 precise | graphviz – 2.26.3-10ubuntu1.1 | ||
| 10.04 lucid | graphviz – 2.20.2-8ubuntu3.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.