Amazon Linux 1 Security Advisory: ALAS-2021-1513
Advisory Release Date: 2021-07-08 18:38 Pacific
Advisory Updated Date: 2021-07-12 21:50 Pacific
A flaw was found in graphviz. A wrong assumption in record_init function leads to an off-by-one write in parse_reclbl function, allowing an attacker who can provide graph input to potentially execute code when the label of a node is invalid and shorter than two characters. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-18032)
Affected Packages:
graphviz
Issue Correction:
Run yum update graphviz to update your system.
i686:
graphviz-python27-2.38.0-18.52.amzn1.i686
graphviz-guile-2.38.0-18.52.amzn1.i686
graphviz-doc-2.38.0-18.52.amzn1.i686
graphviz-devel-2.38.0-18.52.amzn1.i686
graphviz-python26-2.38.0-18.52.amzn1.i686
graphviz-ruby-2.38.0-18.52.amzn1.i686
graphviz-php54-2.38.0-18.52.amzn1.i686
graphviz-tcl-2.38.0-18.52.amzn1.i686
graphviz-2.38.0-18.52.amzn1.i686
graphviz-R-2.38.0-18.52.amzn1.i686
graphviz-java-2.38.0-18.52.amzn1.i686
graphviz-lua-2.38.0-18.52.amzn1.i686
graphviz-graphs-2.38.0-18.52.amzn1.i686
graphviz-debuginfo-2.38.0-18.52.amzn1.i686
graphviz-gd-2.38.0-18.52.amzn1.i686
graphviz-perl-2.38.0-18.52.amzn1.i686
src:
graphviz-2.38.0-18.52.amzn1.src
x86_64:
graphviz-devel-2.38.0-18.52.amzn1.x86_64
graphviz-lua-2.38.0-18.52.amzn1.x86_64
graphviz-tcl-2.38.0-18.52.amzn1.x86_64
graphviz-perl-2.38.0-18.52.amzn1.x86_64
graphviz-python26-2.38.0-18.52.amzn1.x86_64
graphviz-gd-2.38.0-18.52.amzn1.x86_64
graphviz-guile-2.38.0-18.52.amzn1.x86_64
graphviz-graphs-2.38.0-18.52.amzn1.x86_64
graphviz-R-2.38.0-18.52.amzn1.x86_64
graphviz-java-2.38.0-18.52.amzn1.x86_64
graphviz-2.38.0-18.52.amzn1.x86_64
graphviz-ruby-2.38.0-18.52.amzn1.x86_64
graphviz-doc-2.38.0-18.52.amzn1.x86_64
graphviz-debuginfo-2.38.0-18.52.amzn1.x86_64
graphviz-php54-2.38.0-18.52.amzn1.x86_64
graphviz-python27-2.38.0-18.52.amzn1.x86_64