Summary: | <media-gfx/graphite2-1.3.5: Multiple vulnerabilities (CVE-2016-{1521,1522,1523,1526}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Olivier Huber <oli.huber> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | alexander, hanno, luke |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.talosintel.com/reports/TALOS-2016-0058/ | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=574596 https://bugs.gentoo.org/show_bug.cgi?id=574968 | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | ||
Bug Blocks: | 574972 | ||
Description
Olivier Huber
2016-02-09 16:18:51 UTC
*** Bug 571768 has been marked as a duplicate of this bug. ***

Bumped 1.3.5 which contains the commit referenced in comment #0

Let's give it some time for testing

I haven't seen any sudden deluge in bugs, so let's go ahead.

Arches please stabilize =media-gfx/graphite2-1.3.5
Target: all stable arches

amd64 stable

I'm not sure if this is correct to place it here, but what about LibreOffice 5.0.5.2 which is also stable but depends on graphite2-1.2? There's a conflict:

media-gfx/graphite2:0

(media-gfx/graphite2-1.3.5:0/0::gentoo, ebuild scheduled for merge) conflicts with
=media-gfx/graphite2-1.2* required by (app-office/libreoffice-bin-5.0.5.2:0/0::gentoo, ebuild scheduled for merge

(In reply to Gleb from comment #5)
> I'm not sure if this is correct to place it here, but what about LibreOffice
> 5.0.5.2 which is also stable but depends on graphite2-1.2? There's a
> conflict:
>
> media-gfx/graphite2:0
>
> (media-gfx/graphite2-1.3.5:0/0::gentoo, ebuild scheduled for merge)
> conflicts with
> =media-gfx/graphite2-1.2* required by
> (app-office/libreoffice-bin-5.0.5.2:0/0::gentoo, ebuild scheduled for merge

commit 0844590de4e93e18b862d01b1a3ac6cdd2c30566 (HEAD -> master, origin/master, origin/HEAD)
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date: Thu Mar 3 01:03:33 2016 +0100

    app-office/libreoffice-bin: Revbump to relax graphite2 dependencies

    Package-Manager: portage-2.2.27

 app-office/libreoffice-bin/libreoffice-bin-5.0.5.2-r1.ebuild | 237 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 app-office/libreoffice-bin/libreoffice-bin-5.0.5.2.ebuild | 237 ---------------------------------------------------------------------------------------
 2 files changed, 237 insertions(+), 237 deletions(-)

Stable for PPC64.

Stable for HPPA.

arm stable

x86 stable

Stable on alpha.

ppc stable

sparc stable

ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Cleanup done.
1.2.1 remains in tree, only keyworded s390, since this arch has not keyworded any newer version yet. Then again s390 is not security-supported.

CVE-2016-1526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526):
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

CVE-2016-1523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523):
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

CVE-2016-1522 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522):
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

CVE-2016-1521 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521):
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

New GLSA request filed. Office out.

This issue was resolved and addressed in GLSA 201701-63 at https://security.gentoo.org/glsa/201701-63 by GLSA coordinator Thomas Deutschmann (whissi).