Full Disclosure mailing list archives

MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability.
From: Mandriva Security Team <security () mandriva com>
Date: Fri, 21 Oct 2005 00:20:59 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           graphviz
 Advisory ID:            MDKSA-2005:188
 Date:                   October 20th, 2005

 Affected versions:      10.2, 2006.0
 ______________________________________________________________________

 Problem Description:

 Javier Fernández-Sanguino Peña discovered insecure temporary file 
 creation in graphviz, a rich set of graph drawing tools, that can be 
 exploited to overwrite arbitrary files by a local attacker.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2965
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.2:
 9d0b8399200df96484fd7468a008b76b  10.2/RPMS/graphviz-2.2-3.1.102mdk.i586.rpm
 619146bf760e72b75edfc4574fdc4e46  10.2/RPMS/libgraphviz7-2.2-3.1.102mdk.i586.rpm
 a7be06004d84c8cd9c12e5116ebd4b7c  10.2/RPMS/libgraphviz7-devel-2.2-3.1.102mdk.i586.rpm
 b84a713fefe4b4a9034fb83d0ce7317d  10.2/RPMS/libgraphviztcl7-2.2-3.1.102mdk.i586.rpm
 68b886a29dc2d462f9f244bbac5579db  10.2/RPMS/libgraphviztcl7-devel-2.2-3.1.102mdk.i586.rpm
 aeb17f5e10328aab9ad91bf0b8cad36e  10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 b9a03ec322f71cdf568cbf34921b2788  x86_64/10.2/RPMS/graphviz-2.2-3.1.102mdk.x86_64.rpm
 247106d295206c27fefd346c055552cd  x86_64/10.2/RPMS/lib64graphviz7-2.2-3.1.102mdk.x86_64.rpm
 2c804f5c76a2644f3446c81acdac7aac  x86_64/10.2/RPMS/lib64graphviz7-devel-2.2-3.1.102mdk.x86_64.rpm
 9d9e27f634afaed1a66d581d578898e9  x86_64/10.2/RPMS/lib64graphviztcl7-2.2-3.1.102mdk.x86_64.rpm
 a5eab811ca6f0dd579932e441452a130  x86_64/10.2/RPMS/lib64graphviztcl7-devel-2.2-3.1.102mdk.x86_64.rpm
 aeb17f5e10328aab9ad91bf0b8cad36e  x86_64/10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

 Mandrivalinux 2006.0:
 caebfdb43cbd357c8abc549160613983  2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.i586.rpm
 bf374b0bc329f4dc68b34b9fe3b5fd3e  2006.0/RPMS/libgraphviz7-2.2.1-3.1.20060mdk.i586.rpm
 d7284cdc65c9f5339d14be05ae1b2136  2006.0/RPMS/libgraphviz7-devel-2.2.1-3.1.20060mdk.i586.rpm
 926fa5fdcd6e919205ef50433ecf39a0  2006.0/RPMS/libgraphviztcl7-2.2.1-3.1.20060mdk.i586.rpm
 1bd24268a3d2735b47c2492bb21f63bc  2006.0/RPMS/libgraphviztcl7-devel-2.2.1-3.1.20060mdk.i586.rpm
 526f759a2f2ebbbbc29207c0b8e579ed  2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 5a015d5e8932b6fa63a5b13eaf285d60  x86_64/2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.x86_64.rpm
 3a8a76af72aaa2350f71250e9a3d8bb0  x86_64/2006.0/RPMS/lib64graphviz7-2.2.1-3.1.20060mdk.x86_64.rpm
 73cae708e93dbdd454f8c944f3242f19  x86_64/2006.0/RPMS/lib64graphviz7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
 7f59d48923080c9f81af0041c2d5a8a4  x86_64/2006.0/RPMS/lib64graphviztcl7-2.2.1-3.1.20060mdk.x86_64.rpm
 7e582a89f65b33bf55a28200cef0d51e  x86_64/2006.0/RPMS/lib64graphviztcl7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
 526f759a2f2ebbbbc29207c0b8e579ed  x86_64/2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFDWIjKmqjQ0CJFipgRAjCgAKDQM6cllVNyPXlVxTD7mgBbkW3giQCY75xo
697WJt3QgPdKwmfLQnIaew==
=mwcy
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

