graphviz-2.48.0-4.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10821 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z graphviz-2.48.0-4.2 on GA media These are all security issues fixed in the graphviz-2.48.0-4.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10821 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10821 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-10196/ SUSE CVE CVE-2018-10196 page https://www.suse.com/security/cve/CVE-2019-11023/ SUSE CVE CVE-2019-11023 page openSUSE Tumbleweed graphviz-2.48.0-4.2 graphviz-devel-2.48.0-4.2 graphviz-plugins-core-2.48.0-4.2 libgraphviz6-2.48.0-4.2 graphviz-2.48.0-4.2 as a component of openSUSE Tumbleweed graphviz-devel-2.48.0-4.2 as a component of openSUSE Tumbleweed graphviz-plugins-core-2.48.0-4.2 as a component of openSUSE Tumbleweed libgraphviz6-2.48.0-4.2 as a component of openSUSE Tumbleweed NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2018-10196 openSUSE Tumbleweed:graphviz-2.48.0-4.2 openSUSE Tumbleweed:graphviz-devel-2.48.0-4.2 openSUSE Tumbleweed:graphviz-plugins-core-2.48.0-4.2 openSUSE Tumbleweed:libgraphviz6-2.48.0-4.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10196.html CVE-2018-10196 https://bugzilla.suse.com/1093447 SUSE Bug 1093447 The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. CVE-2019-11023 openSUSE Tumbleweed:graphviz-2.48.0-4.2 openSUSE Tumbleweed:graphviz-devel-2.48.0-4.2 openSUSE Tumbleweed:graphviz-plugins-core-2.48.0-4.2 openSUSE Tumbleweed:libgraphviz6-2.48.0-4.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11023.html CVE-2019-11023 https://bugzilla.suse.com/1132091 SUSE Bug 1132091