ALAS-2015-488

Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-488
Advisory Released Date: 2015-03-04
Advisory Updated Date: 2015-03-04

Severity: Medium

References: CVE-2014-9157
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.

Affected Packages:

graphviz-php

Issue Correction:
Run yum update graphviz-php to update your system.

New Packages:

i686:
    graphviz-php-2.38.0-18.40.amzn1.i686

src:
    graphviz-php-2.38.0-18.40.amzn1.src

x86_64:
    graphviz-php-2.38.0-18.40.amzn1.x86_64

Additional References

Red Hat: CVE-2014-9157

Mitre: CVE-2014-9157