Login


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in graphite2
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in graphite2
ID: USN-2902-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 15.10
Datum: Mi, 17. Februar 2016, 16:52
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1081830592595117241==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="qM8wuReDWQnhRCeJNv0e8WfSMRajj3uWi"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--qM8wuReDWQnhRCeJNv0e8WfSMRajj3uWi
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2902-1
February 17, 2016

graphite2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

graphite2 could be made to crash or run programs as your login if it
opened a specially crafted font.

Software Description:
- graphite2: Font rendering engine for Complex Scripts

Details:

Yves Younan discovered that graphite2 incorrectly handled certain malformed
fonts. If a user or automated system were tricked into opening a specially-
crafted font file, a remote attacker could use this issue to cause
graphite2 to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
libgraphite2-3 1.2.4-3ubuntu1.1

Ubuntu 14.04 LTS:
libgraphite2-3 1.2.4-1ubuntu1.1

After a standard system update you need to restart applications using
graphite2, such as LibreOffice, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2902-1
CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526

Package Information:
https://launchpad.net/ubuntu/+source/graphite2/1.2.4-3ubuntu1.1
https://launchpad.net/ubuntu/+source/graphite2/1.2.4-1ubuntu1.1



--qM8wuReDWQnhRCeJNv0e8WfSMRajj3uWi
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWxJYLAAoJEGVp2FWnRL6T7U8P/2hCxN+b5DxB6OcQUnKADB7g
CcGTivf33sIPyVjUGaQZuEUjBeMXJnkk5LXgx8wIEt5sktjJlXGqTLp5ivTabyZV
2xAXJ8QugDt5H1y9hqpsttr2XRSR2lIUKMiHhXlJT1WuuCsqAOpfQboA8DUywAlf
Uam5IRGVMyBEAADUw+DT8QtbA9bj8gEAMEOkU40VlGTUDKiWRnkxrqOZztkr0GsZ
CXYTTktQW9IhBxyCng72gZzgQhRojV2ipB129KRWPGdPbT03m4iuRukdvNUiqU5A
MMWCGdK0lvyPdaUWB3DwAHRnA0DT+ohy51/t3YQzCodKFapgHNhoOHNhovFq0YGu
VvEjUa/PK4ey76ug/7bYKlM8qz9TLa27N7pYltx3uhATtuDs8/r0S2DKD2mmZ60W
BhKDhFSUIzcX7m3bKjXdV4sGJOXtXsUGJAtnYT552DvJy0h16cMsMRo6N7Cnemrl
f3IRyt05p30WORu5udw2Q1zNpX+3dxsJVUzBWeR2HJlnxqM+Z8TNPlPTUY/jVOdE
4RtWlF1AH/Y6dYbB0MqddfK+tewOO25IrM6EyJJDNVp0/mk33XMrLBBpO6fvYCRu
cYzymLbKktMh2scj/m73b++eUvciWBlXarG2Rx01AgwejlZm/jh8tHxoGxyWEX+W
3yFMdyE5g3eSOiuk1UIT
=AXTZ
-----END PGP SIGNATURE-----

--qM8wuReDWQnhRCeJNv0e8WfSMRajj3uWi--


--===============1081830592595117241==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1081830592595117241==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung