graphite2-1.3.6-1.el7

Errata ID: AXSA:2016-200:01

Release date: 
Wednesday, April 6, 2016 - 09:57
Subject: 
graphite2-1.3.6-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language
Software Development groups to provide rendering capabilities for complex
non-Roman writing systems. Graphite can be used to create “smart fonts” capable
of displaying writing systems with various complex behaviors. With respect to
the Text Encoding Model, Graphite handles the "Rendering" aspect of writing
system implementation.

Security issues fixed with this release:

CVE-2016-1521
The directrun function in directmachine.cpp in Libgraphite in Graphite
2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x
before 38.6.1, does not validate a certain skip operation, which
allows remote attackers to execute arbitrary code, obtain sensitive
information, or cause a denial of service (out-of-bounds read and
application crash) via a crafted Graphite smart font.
CVE-2016-1522
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla
Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not
consider recursive load calls during a size check, which allows remote
attackers to cause a denial of service (heap-based buffer overflow) or
possibly execute arbitrary code via a crafted Graphite smart font.
CVE-2016-1523
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in
Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox
ESR 38.x before 38.6.1, mishandles a return value, which allows remote
attackers to cause a denial of service (missing initialization, NULL
pointer dereference, and application crash) via a crafted Graphite
smart font.
CVE-2016-1526
The TtfUtil::LocaLookup function in TtfUtil.cpp in Libgraphite in
Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox
ESR 38.x before 38.6.1, incorrectly validates a size value, which
allows remote attackers to obtain sensitive information or cause a
denial of service (out-of-bounds read and application crash) via a
crafted Graphite smart font.

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.6).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. graphite2-1.3.6-1.el7.src.rpm
    MD5: 78d2045ca3abe5c552b553f5a6d3f9fd
    SHA-256: 65cd66fc071eb93b1f0db1dd92b8eb885260849acca34ff5553c471f62858474
    Size: 3.45 MB

Asianux Server 7 for x86_64
  1. graphite2-1.3.6-1.el7.x86_64.rpm
    MD5: faa83cbdd19fe56b2dd2a9a243d3187d
    SHA-256: 9bbd7aa0672b39214c511c167e89328f3ffa01336540b14316313a0e9812fede
    Size: 111.43 kB
  2. graphite2-1.3.6-1.el7.i686.rpm
    MD5: d77e58de070a229d5a0624d06324eacf
    SHA-256: f68f50323749d0ff3e58eb245a74c6d882251e7a65b09e1e8d12e02e5f8bdcc8
    Size: 112.16 kB