ALAS-2015-488


Amazon Linux AMI Security Advisory: ALAS-2015-488
Advisory Release Date: 2015-03-04 16:12 Pacific
Severity: Medium
References: CVE-2014-9157 

Issue Overview:

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.


Affected Packages:

graphviz-php


Issue Correction:
Run yum update graphviz-php to update your system.

New Packages:
i686:
    graphviz-php-2.38.0-18.40.amzn1.i686

src:
    graphviz-php-2.38.0-18.40.amzn1.src

x86_64:
    graphviz-php-2.38.0-18.40.amzn1.x86_64