Security update for graphviz SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1294-1 Final 1 1 2020-08-30T04:23:20Z current 2020-08-30T04:23:20Z 2020-08-30T04:23:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for graphviz This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1294 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00070.html E-Mail link for openSUSE-SU-2020:1294-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1093447 SUSE Bug 1093447 https://www.suse.com/security/cve/CVE-2018-10196/ SUSE CVE CVE-2018-10196 page openSUSE Leap 15.1 graphviz-2.40.1-lp151.6.6.1 graphviz-devel-2.40.1-lp151.6.6.1 graphviz-doc-2.40.1-lp151.6.6.1 graphviz-gd-2.40.1-lp151.6.6.1 graphviz-gnome-2.40.1-lp151.6.6.1 graphviz-guile-2.40.1-lp151.6.6.1 graphviz-gvedit-2.40.1-lp151.6.6.1 graphviz-java-2.40.1-lp151.6.6.1 graphviz-lua-2.40.1-lp151.6.6.1 graphviz-perl-2.40.1-lp151.6.6.1 graphviz-php-2.40.1-lp151.6.6.1 graphviz-plugins-core-2.40.1-lp151.6.6.1 graphviz-python-2.40.1-lp151.6.6.1 graphviz-ruby-2.40.1-lp151.6.6.1 graphviz-smyrna-2.40.1-lp151.6.6.1 graphviz-tcl-2.40.1-lp151.6.6.1 libgraphviz6-2.40.1-lp151.6.6.1 graphviz-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-devel-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-doc-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-gd-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-gnome-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-guile-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-gvedit-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-java-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-lua-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-perl-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-php-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-plugins-core-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-python-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-ruby-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-smyrna-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 graphviz-tcl-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 libgraphviz6-2.40.1-lp151.6.6.1 as a component of openSUSE Leap 15.1 NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2018-10196 openSUSE Leap 15.1:graphviz-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-devel-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-doc-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-gd-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-gnome-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-guile-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-gvedit-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-java-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-lua-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-perl-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-php-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-plugins-core-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-python-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-ruby-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-smyrna-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:graphviz-tcl-2.40.1-lp151.6.6.1 openSUSE Leap 15.1:libgraphviz6-2.40.1-lp151.6.6.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00070.html https://www.suse.com/security/cve/CVE-2018-10196.html CVE-2018-10196 https://bugzilla.suse.com/1093447 SUSE Bug 1093447