Security update for graphviz SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:2346-1 Final 1 1 2020-08-26T15:03:31Z current 2020-08-26T15:03:31Z 2020-08-26T15:03:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for graphviz This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2020-2346,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2020-2346,Image SLES15-SP3-SAP-BYOS-Azure-2020-2346,Image SLES15-SP3-SAP-BYOS-EC2-HVM-2020-2346,Image SLES15-SP3-SAP-BYOS-GCE-2020-2346,SUSE-2020-2346,SUSE-SLE-Module-Basesystem-15-SP1-2020-2346,SUSE-SLE-Module-Development-Tools-15-SP1-2020-2346,SUSE-SLE-Module-Server-Applications-15-SP1-2020-2346,SUSE-SLE-Product-HA-15-2020-2346,SUSE-SLE-Product-HA-15-SP1-2020-2346 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20202346-1/ Link for SUSE-SU-2020:2346-1 https://lists.suse.com/pipermail/sle-security-updates/2020-August/007306.html E-Mail link for SUSE-SU-2020:2346-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1093447 SUSE Bug 1093447 https://www.suse.com/security/cve/CVE-2018-10196/ SUSE CVE CVE-2018-10196 page Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-BYOS-Azure Image SLES15-SP3-SAP-BYOS-EC2-HVM Image SLES15-SP3-SAP-BYOS-GCE SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Availability Extension 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 graphviz-2.40.1-6.6.4 graphviz-gd-2.40.1-6.6.8 graphviz-plugins-core-2.40.1-6.6.4 libgraphviz6-2.40.1-6.6.4 graphviz-devel-2.40.1-6.6.4 graphviz-doc-2.40.1-6.6.8 graphviz-gnome-2.40.1-6.6.8 graphviz-guile-2.40.1-6.6.8 graphviz-gvedit-2.40.1-6.6.8 graphviz-java-2.40.1-6.6.8 graphviz-lua-2.40.1-6.6.8 graphviz-perl-2.40.1-6.6.8 graphviz-php-2.40.1-6.6.8 graphviz-python-2.40.1-6.6.8 graphviz-ruby-2.40.1-6.6.8 graphviz-smyrna-2.40.1-6.6.8 graphviz-tcl-2.40.1-6.6.8 graphviz-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production graphviz-gd-2.40.1-6.6.8 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production graphviz-plugins-core-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production libgraphviz6-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production graphviz-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production graphviz-gd-2.40.1-6.6.8 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production graphviz-plugins-core-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production libgraphviz6-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production graphviz-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-Azure graphviz-gd-2.40.1-6.6.8 as a component of Image SLES15-SP3-SAP-BYOS-Azure graphviz-plugins-core-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-Azure libgraphviz6-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-Azure graphviz-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM graphviz-gd-2.40.1-6.6.8 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM graphviz-plugins-core-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM libgraphviz6-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM graphviz-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-GCE graphviz-gd-2.40.1-6.6.8 as a component of Image SLES15-SP3-SAP-BYOS-GCE graphviz-plugins-core-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-GCE libgraphviz6-2.40.1-6.6.4 as a component of Image SLES15-SP3-SAP-BYOS-GCE graphviz-gd-2.40.1-6.6.8 as a component of SUSE Linux Enterprise High Availability Extension 15 graphviz-python-2.40.1-6.6.8 as a component of SUSE Linux Enterprise High Availability Extension 15 graphviz-gd-2.40.1-6.6.8 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 graphviz-python-2.40.1-6.6.8 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 graphviz-2.40.1-6.6.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 graphviz-devel-2.40.1-6.6.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 graphviz-plugins-core-2.40.1-6.6.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libgraphviz6-2.40.1-6.6.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 graphviz-perl-2.40.1-6.6.8 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP1 graphviz-tcl-2.40.1-6.6.8 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2018-10196 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:graphviz-2.40.1-6.6.4 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:graphviz-gd-2.40.1-6.6.8 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:graphviz-plugins-core-2.40.1-6.6.4 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libgraphviz6-2.40.1-6.6.4 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:graphviz-2.40.1-6.6.4 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:graphviz-gd-2.40.1-6.6.8 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:graphviz-plugins-core-2.40.1-6.6.4 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libgraphviz6-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-Azure:graphviz-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-Azure:graphviz-gd-2.40.1-6.6.8 Image SLES15-SP3-SAP-BYOS-Azure:graphviz-plugins-core-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-Azure:libgraphviz6-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-EC2-HVM:graphviz-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-EC2-HVM:graphviz-gd-2.40.1-6.6.8 Image SLES15-SP3-SAP-BYOS-EC2-HVM:graphviz-plugins-core-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-EC2-HVM:libgraphviz6-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-GCE:graphviz-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-GCE:graphviz-gd-2.40.1-6.6.8 Image SLES15-SP3-SAP-BYOS-GCE:graphviz-plugins-core-2.40.1-6.6.4 Image SLES15-SP3-SAP-BYOS-GCE:libgraphviz6-2.40.1-6.6.4 SUSE Linux Enterprise High Availability Extension 15 SP1:graphviz-gd-2.40.1-6.6.8 SUSE Linux Enterprise High Availability Extension 15 SP1:graphviz-python-2.40.1-6.6.8 SUSE Linux Enterprise High Availability Extension 15:graphviz-gd-2.40.1-6.6.8 SUSE Linux Enterprise High Availability Extension 15:graphviz-python-2.40.1-6.6.8 SUSE Linux Enterprise Module for Basesystem 15 SP1:graphviz-2.40.1-6.6.4 SUSE Linux Enterprise Module for Basesystem 15 SP1:graphviz-devel-2.40.1-6.6.4 SUSE Linux Enterprise Module for Basesystem 15 SP1:graphviz-plugins-core-2.40.1-6.6.4 SUSE Linux Enterprise Module for Basesystem 15 SP1:libgraphviz6-2.40.1-6.6.4 SUSE Linux Enterprise Module for Development Tools 15 SP1:graphviz-perl-2.40.1-6.6.8 SUSE Linux Enterprise Module for Server Applications 15 SP1:graphviz-tcl-2.40.1-6.6.8 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202346-1/ https://www.suse.com/security/cve/CVE-2018-10196.html CVE-2018-10196 https://bugzilla.suse.com/1093447 SUSE Bug 1093447