Family: Ubuntu Local Security Checks --> Category: infos
USN208-1 : graphviz vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
These remote packages are missing security patches :
Javier Fernández-Sanguino Peña discovered that the "dotty" tool
created and used temporary files in an insecure way. A local attacker
could exploit this with a symlink attack to create or overwrite
arbitrary files with the rights of the user running dotty.
Upgrade to :
- graphviz-2.2-1ubuntu0.1 (Ubuntu 5.04)
- graphviz-dev-2.2-1ubuntu0.1 (Ubuntu 5.04)
- graphviz-doc-2.2-1ubuntu0.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.