[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1597-1] gnuplot security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : gnuplot
Version        : 4.6.6-2+deb8u1
CVE ID         : CVE-2018-19490 CVE-2018-19491 CVE-2018-19492


gnuplot, a command-line driven interactive plotting program, has been
examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej
Schumilo and Nils Bars.
They found various overflow cases which might lead to the execution of
arbitrary code.

Due to special toolchain hardening in Debian, CVE-2018-19492 is not
security relevant, but it is a bug and the patch was applied for the sake
of completeness. Probably some downstream project does not have the same
toolchain settings.


For Debian 8 "Jessie", these problems have been fixed in version
4.6.6-2+deb8u1.

We recommend that you upgrade your gnuplot packages.

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlv8afRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcjJA/+Jo/oianDxK2MUTUxNgsOOa/w5QTXJ66wrHYjD8fDzGBx8zkU+HRVl45z
OCFF8h74DxY51I3/jMS9+QJohpFB66JZD2kwnw6noZ6Lh9BjUIfmdPhb+zEpQugC
WRHXnT1ZL3wej9V03OnGuyzygZAlaNjGuNp6RFI5L1Z/F5C45DohB2LjGup6x0+F
azOOHm0sGEYiiTyoXJZfRVqJDrnVXAoGjVRSoDGHGOLnNFZa91p4O7Up+jcmJOH+
8a6AWpCqSElekQlzVvMBnVzlQIhgW4DT2ILErKjnLjnrXeGXozpHUcY3uE66ubfe
ZhRL/aW9mhJLKliky0Y6bvEFPBo3TGG6saCkxhqQYV4qo56Tlo9parbMH+TBc1Rq
g5h/fbnffhH6auddLv7m/aRcYbNVMOSUWFS1+EiAoTzGW3pAwS7PNUhyIRnSP8F3
VDCTYfNinDdLk36JcYzm9ORfKK91ySyQmOGjkFia0MQtv3Z4Sbzt9bx8EE9z+LM3
Nutom+d1PD/rsa3h3botHhc4mSAgfAbOxwufzkYbjD3K2maR3ba2jNTJOWdcMvHU
Boj7PnlWDNF7iEEIuI7kRdwKW8Qoy/PC8OyPLgvSCQMZneGZOHVkMxDUpkMROkhj
RP/7Hb1zIk9dQpGrm2/RjuJcNE/yieyHlK0NjWRxJkVUlI+8JOQ=
=nvBf
-----END PGP SIGNATURE-----


Reply to: