Security update for graphviz SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1459-1 Final 1 1 2019-05-28T05:06:52Z current 2019-05-28T05:06:52Z 2019-05-28T05:06:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for graphviz This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1459 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html E-Mail link for openSUSE-SU-2019:1459-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1132091 SUSE Bug 1132091 https://www.suse.com/security/cve/CVE-2019-11023/ SUSE CVE CVE-2019-11023 page openSUSE Leap 15.0 graphviz-2.40.1-lp150.5.3.1 graphviz-devel-2.40.1-lp150.5.3.1 graphviz-doc-2.40.1-lp150.5.3.1 graphviz-gd-2.40.1-lp150.5.3.1 graphviz-gnome-2.40.1-lp150.5.3.1 graphviz-guile-2.40.1-lp150.5.3.1 graphviz-gvedit-2.40.1-lp150.5.3.1 graphviz-java-2.40.1-lp150.5.3.1 graphviz-lua-2.40.1-lp150.5.3.1 graphviz-perl-2.40.1-lp150.5.3.1 graphviz-php-2.40.1-lp150.5.3.1 graphviz-plugins-core-2.40.1-lp150.5.3.1 graphviz-python-2.40.1-lp150.5.3.1 graphviz-ruby-2.40.1-lp150.5.3.1 graphviz-smyrna-2.40.1-lp150.5.3.1 graphviz-tcl-2.40.1-lp150.5.3.1 libgraphviz6-2.40.1-lp150.5.3.1 graphviz-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-devel-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-doc-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-gd-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-gnome-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-guile-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-gvedit-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-java-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-lua-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-perl-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-php-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-plugins-core-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-python-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-ruby-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-smyrna-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 graphviz-tcl-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 libgraphviz6-2.40.1-lp150.5.3.1 as a component of openSUSE Leap 15.0 The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. CVE-2019-11023 openSUSE Leap 15.0:graphviz-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-devel-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-doc-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-gd-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-gnome-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-guile-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-gvedit-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-java-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-lua-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-perl-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-php-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-plugins-core-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-python-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-ruby-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-smyrna-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:graphviz-tcl-2.40.1-lp150.5.3.1 openSUSE Leap 15.0:libgraphviz6-2.40.1-lp150.5.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00065.html https://www.suse.com/security/cve/CVE-2019-11023.html CVE-2019-11023 https://bugzilla.suse.com/1132091 SUSE Bug 1132091