An update for gnuplot is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1432 Final 1.0 1.0 2023-07-15 Initial 2023-07-15 2023-07-15 openEuler SA Tool V1.0 2023-07-15 gnuplot security update An update for gnuplot is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. Gnuplot is a portable command-line driven graphing utility for Linux, OS/2, MS Windows, OSX, VMS, and many other platforms. The source code is copyrighted but freely distributed (i.e., you don't have to pay for it). It was originally created to allow scientists and students to visualize mathematical functions and data interactively, but has grown to support many non-interactive uses such as web scripting. It is also used as a plotting engine by third-party applications like Octave. Gnuplot has been supported and under active development since 1986. Security Fix(es): gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().(CVE-2020-25969) An update for gnuplot is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical gnuplot https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1432 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-25969 https://nvd.nist.gov/vuln/detail/CVE-2020-25969 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 gnuplot-5.0.6-13.oe1.aarch64.rpm gnuplot-debuginfo-5.0.6-13.oe1.aarch64.rpm gnuplot-debugsource-5.0.6-13.oe1.aarch64.rpm gnuplot-debugsource-5.0.6-13.oe1.aarch64.rpm gnuplot-5.0.6-13.oe1.aarch64.rpm gnuplot-debuginfo-5.0.6-13.oe1.aarch64.rpm gnuplot-debugsource-5.0.6-13.oe2203.aarch64.rpm gnuplot-5.0.6-13.oe2203.aarch64.rpm gnuplot-debuginfo-5.0.6-13.oe2203.aarch64.rpm gnuplot-debugsource-5.0.6-14.oe2203sp1.aarch64.rpm gnuplot-5.0.6-14.oe2203sp1.aarch64.rpm gnuplot-debuginfo-5.0.6-14.oe2203sp1.aarch64.rpm gnuplot-debuginfo-5.0.6-14.oe2203sp2.aarch64.rpm gnuplot-debugsource-5.0.6-14.oe2203sp2.aarch64.rpm gnuplot-5.0.6-14.oe2203sp2.aarch64.rpm gnuplot-help-5.0.6-13.oe1.noarch.rpm gnuplot-help-5.0.6-13.oe1.noarch.rpm gnuplot-help-5.0.6-13.oe2203.noarch.rpm gnuplot-help-5.0.6-14.oe2203sp1.noarch.rpm gnuplot-help-5.0.6-14.oe2203sp2.noarch.rpm gnuplot-5.0.6-13.oe1.src.rpm gnuplot-5.0.6-13.oe1.src.rpm gnuplot-5.0.6-13.oe2203.src.rpm gnuplot-5.0.6-14.oe2203sp1.src.rpm gnuplot-5.0.6-14.oe2203sp2.src.rpm gnuplot-debugsource-5.0.6-13.oe1.x86_64.rpm gnuplot-debuginfo-5.0.6-13.oe1.x86_64.rpm gnuplot-5.0.6-13.oe1.x86_64.rpm gnuplot-debugsource-5.0.6-13.oe1.x86_64.rpm gnuplot-debuginfo-5.0.6-13.oe1.x86_64.rpm gnuplot-5.0.6-13.oe1.x86_64.rpm gnuplot-debuginfo-5.0.6-13.oe2203.x86_64.rpm gnuplot-5.0.6-13.oe2203.x86_64.rpm gnuplot-debugsource-5.0.6-13.oe2203.x86_64.rpm gnuplot-debuginfo-5.0.6-14.oe2203sp1.x86_64.rpm gnuplot-5.0.6-14.oe2203sp1.x86_64.rpm gnuplot-debugsource-5.0.6-14.oe2203sp1.x86_64.rpm gnuplot-debuginfo-5.0.6-14.oe2203sp2.x86_64.rpm gnuplot-debugsource-5.0.6-14.oe2203sp2.x86_64.rpm gnuplot-5.0.6-14.oe2203sp2.x86_64.rpm gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). 2023-07-15 CVE-2020-25969 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H gnuplot security update 2023-07-15 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1432