Advisories ยป MGASA-2016-0097

Updated graphite2 package fixes security vulnerabilities

Publication date: 07 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1977 , CVE-2016-2790 , CVE-2016-2791 , CVE-2016-2792 , CVE-2016-2793 , CVE-2016-2794 , CVE-2016-2795 , CVE-2016-2796 , CVE-2016-2797 , CVE-2016-2798 , CVE-2016-2799 , CVE-2016-2800 , CVE-2016-2801 , CVE-2016-2802


Updated graphite2 packages fix security vulnerabilities:

Multiple security flaws were found in the graphite2 font library. A web page
or document containing malicious content could cause an application using
graphite2 to crash or, potentially, execute arbitrary code with the
privileges of the user running the application (CVE-2016-1977,
CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794,
CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,
CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).

The graphite2 package has been updated to version 1.3.6 which fixes
these security issues.