Updated graphite2 packages fix security vulnerabilities
Publication date: 25 Jul 2017
Modification date: 25 Jul 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-5436, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
Description
An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution (CVE-2017-5436). Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778).
References
- https://bugs.mageia.org/show_bug.cgi?id=20778
- https://lists.opensuse.org/opensuse-updates/2017-05/msg00053.html
- https://www.debian.org/security/2017/dsa-3894
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
SRPMS
5/core
- graphite2-1.3.10-1.mga5