[ MDVSA-2014:248 ] graphviz

Mandriva Linux Security Advisory                         MDVSA-2014:248
 http://www.mandriva.com/en/support/security/
 ____________________________________________________________
___________

 Package : graphviz
 Date    : December 14, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated graphviz packages fix security vulnerability:

 Format string vulnerability in the yyerror function in
 lib/cgraph/scan.l in Graphviz allows remote attackers to have
 unspecified impact via format string specifiers in unknown vector,
 which are not properly handled in an error string (CVE-2014-9157).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
 http://advisories.mageia.org/MGASA-2014-0520.html

 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 3914f2ea0cc964221c07b6b27246fad0  mbs1/x86_64/graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 5853ee99ae3bd2ae77a39ee5fc2b3aec  mbs1/x86_64/graphviz-doc-2.28.0-6.2.mbs1.noarch.rpm
 3e546dc38c33ea1fc6fb88cfdda74421  mbs1/x86_64/java-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 865e9476539dd9aaf8d6dfc9ee21458a  mbs1/x86_64/lib64cdt5-2.28.0-6.2.mbs1.x86_64.rpm
 b0c036687d1ce1e5e097a04811fe86b1  mbs1/x86_64/lib64cgraph6-2.28.0-6.2.mbs1.x86_64.rpm
 a206f4a2af9a68e39e0fd878b0cd15d0  mbs1/x86_64/lib64graph5-2.28.0-6.2.mbs1.x86_64.rpm
 63f512422c8364f59b21b6b3f8699a06  mbs1/x86_64/lib64graphviz-devel-2.28.0-6.2.mbs1.x86_64.rpm
 99d0ef333690abdb5b315c1a08bd9859  mbs1/x86_64/lib64graphviz-static-devel-2.28.0-6.2.mbs1.x86_64.rpm
 ae0e7e1a9553301f5ca95823e94c33f8  mbs1/x86_64/lib64gvc6-2.28.0-6.2.mbs1.x86_64.rpm
 8a7b1e6cf323707b4c33c1658c1a29de  mbs1/x86_64/lib64gvpr2-2.28.0-6.2.mbs1.x86_64.rpm
 696ba1406e68c5b3de15749e4f0e782b  mbs1/x86_64/lib64pathplan4-2.28.0-6.2.mbs1.x86_64.rpm
 c68073de72515035ac978922ec8fa873  mbs1/x86_64/lib64xdot4-2.28.0-6.2.mbs1.x86_64.rpm
 27338fd7e937793c97fb02fdd76828fc  mbs1/x86_64/lua-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 265496551e62b78ffc7bb762b75c3ea2  mbs1/x86_64/ocaml-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 3c76c71d55bae5c89fde5e8cdd5871ae  mbs1/x86_64/perl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 ad084e55bdfa51c4ad3e83853fa155e6  mbs1/x86_64/php-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 27dee6a16934bcf15f78d20ebaa93607  mbs1/x86_64/python-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 ae7e2f8ba356f47776705930554a96ba  mbs1/x86_64/ruby-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 f0a96b284ef58704ce38ea485f2efae7  mbs1/x86_64/tcl-graphviz-2.28.0-6.2.mbs1.x86_64.rpm
 34624e4bc4febcf4a08933e1a29a097c  mbs1/SRPMS/graphviz-2.28.0-6.2.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com