USN-5971-1: Graphviz vulnerabilities
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 18.04
Description
It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10196) It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. These issues only affected Ubuntu 14.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11023) It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution. These issues only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-18032) Update Instructions: Run `sudo pro fix USN-5971-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphviz – 2.40.1-2ubuntu0.1~esm1 graphviz-doc – 2.40.1-2ubuntu0.1~esm1 libcdt5 – 2.40.1-2ubuntu0.1~esm1 libcgraph6 – 2.40.1-2ubuntu0.1~esm1 libgraphviz-dev – 2.40.1-2ubuntu0.1~esm1 libgv-guile – 2.40.1-2ubuntu0.1~esm1 libgv-lua – 2.40.1-2ubuntu0.1~esm1 libgv-perl – 2.40.1-2ubuntu0.1~esm1 libgv-php7 – 2.40.1-2ubuntu0.1~esm1 libgv-ruby – 2.40.1-2ubuntu0.1~esm1 libgv-tcl – 2.40.1-2ubuntu0.1~esm1 libgvc6 – 2.40.1-2ubuntu0.1~esm1 libgvc6-plugins-gtk – 2.40.1-2ubuntu0.1~esm1 libgvpr2 – 2.40.1-2ubuntu0.1~esm1 liblab-gamut1 – 2.40.1-2ubuntu0.1~esm1 libpathplan4 – 2.40.1-2ubuntu0.1~esm1 libxdot4 – 2.40.1-2ubuntu0.1~esm1 python-gv – 2.40.1-2ubuntu0.1~esm1 python3-gv – 2.40.1-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro
CVEs contained in this USN include: CVE-2018-10196, CVE-2019-11023, CVE-2020-18032.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- cflinuxfs3
- All versions
- CF Deployment
- All versions prior to 30.0.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
- cflinuxfs3
- There are no fixed versions of this product
- CF Deployment
- Upgrade all versions to 30.0.0 or greater
References
History
2023-05-25: Initial vulnerability report published.
