First Last Prev Next    This bug is not in your last search results.
Bug 33868 - graphviz: Bufferoverflow (3.2)
graphviz: Bufferoverflow (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.0
Other Linux
: P3 normal (vote)
: UCS 3.2-2
Assigned To: Moritz Muehlenhoff
Philipp Hahn
:
Depends on: 33867
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-08 09:06 CET by Moritz Muehlenhoff
Modified: 2014-05-20 07:53 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-01-08 09:06:05 CET 
+++ This bug was initially created as a clone of Bug #33867 +++

CVE-2014-0978

Buffer overflow triggerable by malformed file
Comment 1 Moritz Muehlenhoff univentionstaff 2014-01-09 15:19:00 CET 
Two additional buffer overflows: CVE-2014-1235 and CVE-2014-1236
Comment 2 Moritz Muehlenhoff univentionstaff 2014-05-02 13:08:22 CEST 
These issues were fixed with the update to Squeeze 6.0.9 (Bug 34588). The QA should ideally be made by the same person.


CVE-2014-1235 doesn't affect the graphviz version in UCS 3.2, this CVE ID is for an incomplete patch never applied.
Comment 3 Philipp Hahn univentionstaff 2014-05-06 20:18:14 CEST 
OK: aptitude install graphviz
OK: dotty dep.dot
OK: graphviz (2.26.3-5+squeeze2) squeeze-security; urgency=high
  * Add CVE-2014-0978.patch patch.
    CVE-2014-0978: Fix stack-based buffer overflow due to a boundary error
    in the "yyerror()" function. (Closes: #734745)
  * Add CVE-2014-1236.patch patch.
    CVE-2014-1236: buffer overflow from user input (the regexp in chkNum
    would accept arbitrary long digit list) (Closes: #734745)
Comment 4 Stefan Gohmann univentionstaff 2014-05-20 07:53:32 CEST 
UCS 3.2-2 has been released:
 http://docs.univention.de/release-notes-3.2-2-en.html
 http://docs.univention.de/release-notes-3.2-2-de.html

If this error occurs again, please use "Clone This Bug".
First Last Prev Next    This bug is not in your last search results.