Cloud Foundry Logo
blog single gear
Security Advisory

USN-5971-1: Graphviz vulnerabilities


USN-5971-1: Graphviz vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10196) It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. These issues only affected Ubuntu 14.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11023) It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution. These issues only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-18032) Update Instructions: Run `sudo pro fix USN-5971-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphviz – 2.40.1-2ubuntu0.1~esm1 graphviz-doc – 2.40.1-2ubuntu0.1~esm1 libcdt5 – 2.40.1-2ubuntu0.1~esm1 libcgraph6 – 2.40.1-2ubuntu0.1~esm1 libgraphviz-dev – 2.40.1-2ubuntu0.1~esm1 libgv-guile – 2.40.1-2ubuntu0.1~esm1 libgv-lua – 2.40.1-2ubuntu0.1~esm1 libgv-perl – 2.40.1-2ubuntu0.1~esm1 libgv-php7 – 2.40.1-2ubuntu0.1~esm1 libgv-ruby – 2.40.1-2ubuntu0.1~esm1 libgv-tcl – 2.40.1-2ubuntu0.1~esm1 libgvc6 – 2.40.1-2ubuntu0.1~esm1 libgvc6-plugins-gtk – 2.40.1-2ubuntu0.1~esm1 libgvpr2 – 2.40.1-2ubuntu0.1~esm1 liblab-gamut1 – 2.40.1-2ubuntu0.1~esm1 libpathplan4 – 2.40.1-2ubuntu0.1~esm1 libxdot4 – 2.40.1-2ubuntu0.1~esm1 python-gv – 2.40.1-2ubuntu0.1~esm1 python3-gv – 2.40.1-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro

CVEs contained in this USN include: CVE-2018-10196, CVE-2019-11023, CVE-2020-18032.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs3
    • All versions
  • CF Deployment
    • All versions prior to 30.0.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs3
    • There are no fixed versions of this product
  • CF Deployment
    • Upgrade all versions to 30.0.0 or greater

History

2023-05-25: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES