|
Family: Ubuntu Local Security Checks --> Category: infos
USN208-1 : graphviz vulnerability Vulnerability Scan
Vulnerability Scan Summary graphviz vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- graphviz
- graphviz-dev
- graphviz-doc
Description :
Javier Fernández-Sanguino Peña discovered that the "dotty" tool
created and used temporary files in an insecure way. A local attacker
could exploit this with a symlink attack to create or overwrite
arbitrary files with the rights of the user running dotty.
Solution :
Upgrade to :
- graphviz-2.2-1ubuntu0.1 (Ubuntu 5.04)
- graphviz-dev-2.2-1ubuntu0.1 (Ubuntu 5.04)
- graphviz-doc-2.2-1ubuntu0.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|