| Summary: | <www-client/firefox-38.6.1: arbitrary code execution in bundled graphite library (CVE-2016-1523) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Andrey Ovcharov <sudormrfhalt> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | mozilla |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=574276 https://bugs.gentoo.org/show_bug.cgi?id=574968 | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | Bug Blocks: | 574972 |

Description
Andrey Ovcharov
2016-02-13 02:28:26 UTC
The issue description https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/

This is a security issue, reassigning

(In reply to Sergey Popov from comment #2)
> This is a security issue, reassigning

Firefox-38.6.1 is in tree, feel free to stabilize it.

Arches please stabilize.

amd64 stable

x86 stable

Stable for HPPA.

Stable for PPC64.

no stable keywords for arm

mail-client/thunderbird{,-bin}-38.6.0 also contains the fixes for this too; stabilization has been requested in bug 573074 already though.

CVE-2016-1523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523): The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

Added to existing GLSA.

This will be mitigated when stabilization occurs in bug 576862.

Stable on alpha.

ppc stable

This issue was resolved and addressed in GLSA 201605-06 at https://security.gentoo.org/glsa/201605-06 by GLSA coordinator Yury German (BlueKnight).