Описание
Security update for graphviz
This update for graphviz fixes the following issues:
- CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833).
Список пакетов
openSUSE Leap 15.3
graphviz-2.40.1-6.9.1
graphviz-devel-2.40.1-6.9.1
graphviz-doc-2.40.1-6.9.1
graphviz-gd-2.40.1-6.9.1
graphviz-gnome-2.40.1-6.9.1
graphviz-guile-2.40.1-6.9.1
graphviz-gvedit-2.40.1-6.9.1
graphviz-java-2.40.1-6.9.1
graphviz-lua-2.40.1-6.9.1
graphviz-perl-2.40.1-6.9.1
graphviz-php-2.40.1-6.9.1
graphviz-plugins-core-2.40.1-6.9.1
graphviz-python-2.40.1-6.9.1
graphviz-ruby-2.40.1-6.9.1
graphviz-smyrna-2.40.1-6.9.1
graphviz-tcl-2.40.1-6.9.1
libgraphviz6-2.40.1-6.9.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1651-1
- SUSE Security Ratings
- SUSE Bug 1185833
- SUSE CVE CVE-2020-18032 page
Описание
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
Затронутые продукты
openSUSE Leap 15.3:graphviz-2.40.1-6.9.1
openSUSE Leap 15.3:graphviz-devel-2.40.1-6.9.1
openSUSE Leap 15.3:graphviz-doc-2.40.1-6.9.1
openSUSE Leap 15.3:graphviz-gd-2.40.1-6.9.1
Ссылки
- CVE-2020-18032
- SUSE Bug 1185833