MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability.
Posted on: 10/21/2005 08:12 AM

The Mandriva Security Team published a new security update: MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability. for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: graphviz
Advisory ID: MDKSA-2005:188
Date: October 20th, 2005

Affected versions: 10.2, 2006.0
______________________________________________________________________

Problem Description:

Javier Fernández-Sanguino Peña discovered insecure temporary file
creation in graphviz, a rich set of graph drawing tools, that can be
exploited to overwrite arbitrary files by a local attacker.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2965
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.2:
9d0b8399200df96484fd7468a008b76b 10.2/RPMS/graphviz-2.2-3.1.102mdk.i586.rpm
619146bf760e72b75edfc4574fdc4e46 10.2/RPMS/libgraphviz7-2.2-3.1.102mdk.i586.rpm
a7be06004d84c8cd9c12e5116ebd4b7c 10.2/RPMS/libgraphviz7-devel-2.2-3.1.102mdk.i586.rpm
b84a713fefe4b4a9034fb83d0ce7317d 10.2/RPMS/libgraphviztcl7-2.2-3.1.102mdk.i586.rpm
68b886a29dc2d462f9f244bbac5579db 10.2/RPMS/libgraphviztcl7-devel-2.2-3.1.102mdk.i586.rpm
aeb17f5e10328aab9ad91bf0b8cad36e 10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
b9a03ec322f71cdf568cbf34921b2788 x86_64/10.2/RPMS/graphviz-2.2-3.1.102mdk.x86_64.rpm
247106d295206c27fefd346c055552cd x86_64/10.2/RPMS/lib64graphviz7-2.2-3.1.102mdk.x86_64.rpm
2c804f5c76a2644f3446c81acdac7aac x86_64/10.2/RPMS/lib64graphviz7-devel-2.2-3.1.102mdk.x86_64.rpm
9d9e27f634afaed1a66d581d578898e9 x86_64/10.2/RPMS/lib64graphviztcl7-2.2-3.1.102mdk.x86_64.rpm
a5eab811ca6f0dd579932e441452a130 x86_64/10.2/RPMS/lib64graphviztcl7-devel-2.2-3.1.102mdk.x86_64.rpm
aeb17f5e10328aab9ad91bf0b8cad36e x86_64/10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

Mandrivalinux 2006.0:
caebfdb43cbd357c8abc549160613983 2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.i586.rpm
bf374b0bc329f4dc68b34b9fe3b5fd3e 2006.0/RPMS/libgraphviz7-2.2.1-3.1.20060mdk.i586.rpm
d7284cdc65c9f5339d14be05ae1b2136 2006.0/RPMS/libgraphviz7-devel-2.2.1-3.1.20060mdk.i586.rpm
926fa5fdcd6e919205ef50433ecf39a0 2006.0/RPMS/libgraphviztcl7-2.2.1-3.1.20060mdk.i586.rpm
1bd24268a3d2735b47c2492bb21f63bc 2006.0/RPMS/libgraphviztcl7-devel-2.2.1-3.1.20060mdk.i586.rpm
526f759a2f2ebbbbc29207c0b8e579ed 2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
5a015d5e8932b6fa63a5b13eaf285d60 x86_64/2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.x86_64.rpm
3a8a76af72aaa2350f71250e9a3d8bb0 x86_64/2006.0/RPMS/lib64graphviz7-2.2.1-3.1.20060mdk.x86_64.rpm
73cae708e93dbdd454f8c944f3242f19 x86_64/2006.0/RPMS/lib64graphviz7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
7f59d48923080c9f81af0041c2d5a8a4 x86_64/2006.0/RPMS/lib64graphviztcl7-2.2.1-3.1.20060mdk.x86_64.rpm
7e582a89f65b33bf55a28200cef0d51e x86_64/2006.0/RPMS/lib64graphviztcl7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
526f759a2f2ebbbbc29207c0b8e579ed x86_64/2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFDWIjKmqjQ0CJFipgRAjCgAKDQM6cllVNyPXlVxTD7mgBbkW3giQCY75xo
697WJt3QgPdKwmfLQnIaew==
=mwcy
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2005188__updated_graphviz_packages_fix_temporary_file_vulnerability.html)