Mageia Bugzilla – Bug 12239
graphviz new security issue CVE-2014-0978 and CVE-2014-123
Last modified: 2014-01-24 22:11:17 CET
Fedora has fixed a security issue, an overflow with yyerror in graphviz:
This issue has been assigned CVE-2014-0978:
I have added the patch in Mageia 3 and Cauldron SVN and requested a freeze push.
There are a couple of additional issues that have been fixed upstream and assigned CVE. I don't have a patch for those yet:
graphviz-2.34.0-5.mga4 uploaded for Cauldron.
CVE-2014-0978 is fixed in Cauldron, but apparently that fix actually introduces the CVE-2014-1235 vulnerability (so that one doesn't affect Mageia 3). CVE-2014-1236 still needs to be patched in both.
Updated patch for CVE-2014-0978 which closes CVE-2014-1235 and additional patch which fixes CVE-2014-1236 added to SVN for Mageia 3 and Cauldron. Freeze push requested for Cauldron.
Patched packages uploaded for Mageia 3 and Cauldron.
Updated graphviz packages fix security vulnerabilities:
Multiple buffer overflow vulnerabilities in graphviz due to an error within the "yyerror()" function (lib/cgraph/scan.l) which can be exploited to cause a stack-based buffer overflow via a specially crafted file (CVE-2014-0978) and the acceptance of an arbitrarily long digit list by a regular expression matched against user input (CVE-2014-1236).
Updated packages in core/updates_testing:
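As an added illustration (this is not graphviz's code and not part of the bug report or the Mageia patches), the following C snippet shows the two defect classes the advisory names, in generic, hardened form: an error reporter that formats an offending token into a fixed-size stack buffer using a bounded write instead of an unbounded copy, and a scanner-side check that refuses a digit list longer than a declared maximum rather than accepting arbitrarily long input. The names ERRBUF_SIZE, MAX_DIGITS, report_error, scan_digit_list and demo_report_len are hypothetical and chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define ERRBUF_SIZE 64   /* hypothetical fixed-size error-message buffer */
#define MAX_DIGITS  16   /* hypothetical upper bound on a digit list */

/* Hardened error reporter: the offending token is written with snprintf,
 * so an over-long token is truncated instead of running past the buffer.
 * Returns the number of bytes actually stored (excluding the NUL). */
size_t report_error(const char *token, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "syntax error near '%s'", token);
    if (n < 0 || outsz == 0)
        return 0;
    /* snprintf reports the length it wanted; clamp to what fit */
    return (size_t)n < outsz ? (size_t)n : outsz - 1;
}

/* Scanner-side check: consume a run of digits only while it stays within
 * MAX_DIGITS. Returns the digit count, or -1 if the run is too long. */
int scan_digit_list(const char *s)
{
    int count = 0;
    while (isdigit((unsigned char)s[count])) {
        if (++count > MAX_DIGITS)
            return -1;
    }
    return count;
}

/* Demonstration helper: build a constructed token of token_len 'A's,
 * report it into an ERRBUF_SIZE buffer and return the stored length. */
size_t demo_report_len(size_t token_len)
{
    char tok[256];
    char out[ERRBUF_SIZE];
    if (token_len >= sizeof tok)
        token_len = sizeof tok - 1;
    memset(tok, 'A', token_len);
    tok[token_len] = '\0';
    return report_error(tok, out, sizeof out);
}

int main(void)
{
    /* Constructed inputs: a short token, an over-long token, and digit runs */
    printf("short token stored %zu bytes\n", demo_report_len(5));
    printf("long token stored %zu bytes (clamped)\n", demo_report_len(199));
    printf("digits: %d\n", scan_digit_list("12345"));
    printf("digits: %d (rejected)\n", scan_digit_list("12345678901234567890"));
    return 0;
}
```

The point for a reviewer of a lexer such as the one in scan.l is that both checks happen before any copy into fixed storage: the message formatter never trusts the token length, and the scanner enforces a bound the regular expression alone does not express.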
Debian has issued an advisory for this on January 13:
Should be able to test this with vimdot and some sample dot code from graphviz website.
vimdot run from the terminal will open vim in the terminal and an X window to display the graphic. When the dot code is updated in vim and saved (:w) it updates the graphic. The graphic can be scaled and dragged with the mouse scroll wheel.
Test using various gv files from the graphviz gallery.
Follow the link to an image, click on the image and copy the code. In vim, press escape and use 'dd' to delete lines and remove the sample code, press i to enter insert mode, paste in the copied code, then press escape and :w to save it. The graphic should update to match the image in the gallery. Use escape and :q to quit vim.
I had to remove noname.gv which is the default file it creates between tests, or use an alternative filename.
Testing complete mga3 64
Testing complete mga3 32
Advisory uploaded. Validating.
Could sysadmin please push from 3 core/updates_testing to updates