MGASA-2016-0077
- Source
- https://advisories.mageia.org/MGASA-2016-0077.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0077.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0077
- Related
- Published
- 2016-02-17T19:06:01Z
- Modified
- 2016-02-17T18:27:04Z
- Summary
- Updated graphite2/firefox packages fix security vulnerability
- Details
-
Multiple vulnerabilities in the graphite2 font library can result in information disclosure, denial-of-service (application crashes), or code execution via out-of-bounds reads, a NULL pointer dereference, and a heap-based buffer overflow (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526).
Firefox includes a bundled copy of the graphite2 library, which has been updated in Firefox ESR 38.6.1.
- References
-
- https://advisories.mageia.org/MGASA-2016-0077.html
- https://bugs.mageia.org/show_bug.cgi?id=17780
- http://www.talosintel.com/reports/TALOS-2016-0057/
- http://www.talosintel.com/reports/TALOS-2016-0058/
- http://www.talosintel.com/reports/TALOS-2016-0059/
- http://www.talosintel.com/reports/TALOS-2016-0060/
- http://www.talosintel.com/reports/TALOS-2016-0061/
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://www.debian.org/security/2016/dsa-3477
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-5
Mageia:5 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-5
Mageia:5 / graphite2
Package
- Name
- graphite2
- Purl
- pkg:rpm/mageia/graphite2?distro=mageia-5