[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:0779-1 -- Suse graphite2

ID: oval:org.secpod.oval:def:400764Date: (C)2016-11-22   (M)2017-11-27
Class: PATCHFamily: unix




This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via a crafted Graphite smart font. - CVE-2016-1523: The SillMap::readFace function in FeatureMap.cpp in Libgraphite mishandled a return value, which allowed remote attackers to cause a denial of service via a crafted Graphite smart font. - CVE-2016-1526: The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite incorrectly validated a size value, which allowed remote attackers to obtain sensitive information or cause a denial of service via a crafted Graphite smart font.

Platform:
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product:
graphite2
Reference:
SUSE-SU-2016:0779-1
CVE-2016-1521
CVE-2016-1523
CVE-2016-1526
CVE    3
CVE-2016-1526
CVE-2016-1523
CVE-2016-1521
CPE    3
cpe:/a:zugaina:graphite2
cpe:/o:suse:suse_linux_enterprise_server:12
cpe:/o:suse:suse_linux_enterprise_desktop:12

© 2013 SecPod Technologies