Описание
Security update for graphviz
This update for graphviz fixes the following issues:
- CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
graphviz-2.40.1-lp151.6.6.1
graphviz-devel-2.40.1-lp151.6.6.1
graphviz-doc-2.40.1-lp151.6.6.1
graphviz-gd-2.40.1-lp151.6.6.1
graphviz-gnome-2.40.1-lp151.6.6.1
graphviz-guile-2.40.1-lp151.6.6.1
graphviz-gvedit-2.40.1-lp151.6.6.1
graphviz-java-2.40.1-lp151.6.6.1
graphviz-lua-2.40.1-lp151.6.6.1
graphviz-perl-2.40.1-lp151.6.6.1
graphviz-php-2.40.1-lp151.6.6.1
graphviz-plugins-core-2.40.1-lp151.6.6.1
graphviz-python-2.40.1-lp151.6.6.1
graphviz-ruby-2.40.1-lp151.6.6.1
graphviz-smyrna-2.40.1-lp151.6.6.1
graphviz-tcl-2.40.1-lp151.6.6.1
libgraphviz6-2.40.1-lp151.6.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1294-1
- SUSE Security Ratings
- SUSE Bug 1093447
- SUSE CVE CVE-2018-10196 page
Описание
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Затронутые продукты
openSUSE Leap 15.1:graphviz-2.40.1-lp151.6.6.1
openSUSE Leap 15.1:graphviz-devel-2.40.1-lp151.6.6.1
openSUSE Leap 15.1:graphviz-doc-2.40.1-lp151.6.6.1
openSUSE Leap 15.1:graphviz-gd-2.40.1-lp151.6.6.1
Ссылки
- CVE-2018-10196
- SUSE Bug 1093447