gnuplot vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Gnuplot.
Software Description
* gnuplot - Command-line driven interactive plotting program
Details
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars
discovered that Gnuplot did not properly validate string sizes in
the df_generate_ascii_array_entry function. An attacker could
possibly use this issue to cause a heap buffer overflow, resulting
in a denial of service attack or arbitrary code execution.
(CVE-2018-19490)
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars
discovered that Gnuplot did not properly validate string sizes in
the PS_options function when the Gnuplot postscript terminal is
used as a backend. An attacker could possibly use this issue to
cause a buffer overflow, resulting in a denial of service attack
or arbitrary code execution. (CVE-2018-19491)
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars
discovered that Gnuplot did not properly validate string sizes in
the cairotrm_options function when the Gnuplot postscript terminal
is used as a backend. An attacker could possibly use this issue to
cause a buffer overflow, resulting in a denial of service attack
or arbitrary code execution. (CVE-2018-19492)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 16.04 LTS
gnuplot - 4.6.6-3ubuntu0.1
gnuplot-data - 4.6.6-3ubuntu0.1
gnuplot-nox - 4.6.6-3ubuntu0.1
gnuplot-qt - 4.6.6-3ubuntu0.1
gnuplot-tex - 4.6.6-3ubuntu0.1
gnuplot-x11 - 4.6.6-3ubuntu0.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary
changes.
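A practical way to confirm the update has actually landed is to compare the installed version of each package against the fixed version listed above. The script below is an added example and is not part of the Ubuntu Security Notice: it parses the advisory's package list, reimplements dpkg's version ordering (epoch, upstream version, Debian revision, with `~` sorting before everything) so it can run on a non-Debian host, and reports any advisory package that is installed at an older version. The installed-package sample is constructed to stand in for `dpkg-query -W -f '${Package} ${Version}\n'` output; pass `--live` on an Ubuntu system to query the real dpkg database instead.

```python
"""Check installed packages against the fixed versions in this advisory.

Added example, not part of the USN. Fixed versions are the ones listed
above for Ubuntu 16.04 LTS; the installed-package sample is constructed so
the script runs offline. Use --live to query the real dpkg database.
"""
import re
import subprocess
import sys

# Package list exactly as printed in the advisory for Ubuntu 16.04 LTS.
ADVISORY_PACKAGES = """
gnuplot - 4.6.6-3ubuntu0.1
gnuplot-data - 4.6.6-3ubuntu0.1
gnuplot-nox - 4.6.6-3ubuntu0.1
gnuplot-qt - 4.6.6-3ubuntu0.1
gnuplot-tex - 4.6.6-3ubuntu0.1
gnuplot-x11 - 4.6.6-3ubuntu0.1
"""

# Constructed sample of dpkg-query output: two packages at a lower version,
# one already at the fixed version, and an unrelated package to be ignored.
SAMPLE_DPKG_OUTPUT = """\
gnuplot 4.6.6-3
gnuplot-data 4.6.6-3
gnuplot-qt 4.6.6-3ubuntu0.1
libc6 2.23-0ubuntu11
"""


def _order(c):
    """dpkg's weight for non-digit characters: '~' sorts before anything
    (even end of string), letters by ASCII, other punctuation after letters."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256 if c else 0


def _verrevcmp(a, b):
    """Compare two version fragments like dpkg's verrevcmp(): alternate
    non-digit runs (by _order) and digit runs (numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():   # longer digit run is larger
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split a Debian version into (epoch, upstream_version, debian_revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, revision = v.rsplit("-", 1) if "-" in v else (v, "")
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, ordering a and b as `dpkg --compare-versions` does."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def parse_fixed_versions(text):
    """Read 'package - version' lines as printed in the advisory."""
    return {m.group(1): m.group(2) for m in re.finditer(r"^(\S+) - (\S+)$", text, re.M)}


def parse_installed(text):
    """Read 'package version' lines as produced by dpkg-query."""
    return {p[0]: p[1] for p in (line.split() for line in text.splitlines()) if len(p) == 2}


def find_vulnerable(fixed, installed):
    """(package, installed, fixed) for each advisory package installed at an
    older version; packages that are not installed are not affected."""
    return [(pkg, installed[pkg], want) for pkg, want in fixed.items()
            if pkg in installed and compare_versions(installed[pkg], want) < 0]


def query_installed():
    """Live query of the local dpkg database (Debian/Ubuntu hosts only)."""
    res = subprocess.run(["dpkg-query", "-W", "-f", "${Package} ${Version}\\n"],
                         capture_output=True, text=True, check=True)
    return parse_installed(res.stdout)


if __name__ == "__main__":
    fixed = parse_fixed_versions(ADVISORY_PACKAGES)
    installed = query_installed() if "--live" in sys.argv else parse_installed(SAMPLE_DPKG_OUTPUT)
    for pkg, cur, want in find_vulnerable(fixed, installed):
        print(f"{pkg}: installed {cur}, fixed in {want}")
```

On an Ubuntu host the same comparison can be done with `dpkg --compare-versions "$installed" lt 4.6.6-3ubuntu0.1`; the pure-Python ordering above exists so the check can also run from a management host or in a CI job that only has the package inventory. Packages from the list that are not installed at all are skipped rather than flagged, since only installed gnuplot components are exposed.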
References
* CVE-2018-19490
* CVE-2018-19491
* CVE-2018-19492
--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)