graphite2-1.3.10-1.el7

エラータID: AXSA:2017-1747:01

Release date: 
Friday, July 21, 2017 - 06:58
Subject: 
graphite2-1.3.10-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language
Software Development groups to provide rendering capabilities for complex
non-Roman writing systems. Graphite can be used to create “smart fonts” capable
of displaying writing systems with various complex behaviors. With respect to
the Text Encoding Model, Graphite handles the "Rendering" aspect of writing
system implementation.

Security issues fixed with this release:

CVE-2017-7771
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7772
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7773
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7774
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7775
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7776
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7777
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7778
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).

Solution: 

Update packages.

CVEs: 
CVE-2017-7771
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVE-2017-7772
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVE-2017-7773
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
CVE-2017-7774
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVE-2017-7775
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2017-7776
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVE-2017-7777
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVE-2017-7778
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Additional Info: 

N/A

Download: 

SRPMS
  1. graphite2-1.3.10-1.el7.src.rpm
    MD5: fe439709d17df96795c12a02b587f0a1
    SHA-256: 3e20fd9d568e203a17a2bddbe4d95420a747f86ccc2db3690fd70fdb359ef8aa
    Size: 3.46 MB

Asianux Server 7 for x86_64
  1. graphite2-1.3.10-1.el7.x86_64.rpm
    MD5: 4a7638f312a552be7bd9bb4a8bc3e112
    SHA-256: 0edca7c7c9914ef21dab57bb2acfb9a0bb4d5ad15f611754b8272dd8c2d55007
    Size: 114.27 kB
  2. graphite2-1.3.10-1.el7.i686.rpm
    MD5: 3380b0a01d0e6505957c9e492a2c187c
    SHA-256: 823590eb11b0d191e630b97e81ea81db2a5a99cb256d08ed8b069343f23eab14
    Size: 115.20 kB