MGASA-2016-0097
- Source
- https://advisories.mageia.org/MGASA-2016-0097.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0097.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0097
- Related
- Published
- 2016-03-07T11:20:30Z
- Modified
- 2016-03-09T13:29:06Z
- Summary
- Updated graphite2 package fixes security vulnerabilities
- Details
-
Updated graphite2 packages fix security vulnerabilities:
Multiple security flaws were found in the graphite2 font library. A web page or document containing malicious content could cause an application using graphite2 to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).
The graphite2 package has been updated to version 1.3.6 which fixes these security issues.
- References
-
- https://advisories.mageia.org/MGASA-2016-0097.html
- https://bugs.mageia.org/show_bug.cgi?id=17866
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- https://github.com/silnrsi/graphite/releases/tag/1.3.6
- https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178192.html
- https://rhn.redhat.com/errata/RHSA-2016-0373.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / graphite2
Package
- Name
- graphite2
- Purl
- pkg:rpm/mageia/graphite2?distro=mageia-5