Описание
Security update for graphviz
This update for graphviz fixes the following issues:
Security issue fixed:
- CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
graphviz-2.40.1-lp152.7.2.1
graphviz-devel-2.40.1-lp152.7.2.1
graphviz-doc-2.40.1-lp152.7.3.1
graphviz-gd-2.40.1-lp152.7.3.1
graphviz-gnome-2.40.1-lp152.7.3.1
graphviz-guile-2.40.1-lp152.7.3.1
graphviz-gvedit-2.40.1-lp152.7.3.1
graphviz-java-2.40.1-lp152.7.3.1
graphviz-lua-2.40.1-lp152.7.3.1
graphviz-perl-2.40.1-lp152.7.3.1
graphviz-php-2.40.1-lp152.7.3.1
graphviz-plugins-core-2.40.1-lp152.7.2.1
graphviz-python-2.40.1-lp152.7.3.1
graphviz-ruby-2.40.1-lp152.7.3.1
graphviz-smyrna-2.40.1-lp152.7.3.1
graphviz-tcl-2.40.1-lp152.7.3.1
libgraphviz6-2.40.1-lp152.7.2.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0876-1
- SUSE Security Ratings
- SUSE Bug 1132091
- SUSE CVE CVE-2019-11023 page
Описание
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
Затронутые продукты
openSUSE Leap 15.2:graphviz-2.40.1-lp152.7.2.1
openSUSE Leap 15.2:graphviz-devel-2.40.1-lp152.7.2.1
openSUSE Leap 15.2:graphviz-doc-2.40.1-lp152.7.3.1
openSUSE Leap 15.2:graphviz-gd-2.40.1-lp152.7.3.1
Ссылки
- CVE-2019-11023
- SUSE Bug 1132091