 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.882755 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for graphite2 CESA-2017:1793 centos7 |
| Summary: | Check the version of graphite2 |
| Description: | Summary: Check the version of graphite2 Vulnerability Insight: Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create 'smart fonts' capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the 'Rendering' aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2 (1.3.10). Security Fix(es): * Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters of these issues. Affected Software/OS: graphite2 on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7771 Common Vulnerability Exposure (CVE) ID: CVE-2017-7772 Common Vulnerability Exposure (CVE) ID: CVE-2017-7773 Common Vulnerability Exposure (CVE) ID: CVE-2017-7774 Common Vulnerability Exposure (CVE) ID: CVE-2017-7775 Common Vulnerability Exposure (CVE) ID: CVE-2017-7776 Common Vulnerability Exposure (CVE) ID: CVE-2017-7777 Common Vulnerability Exposure (CVE) ID: CVE-2017-7778 BugTraq ID: 99057 http://www.securityfocus.com/bid/99057 Debian Security Information: DSA-3881 (Google Search) https://www.debian.org/security/2017/dsa-3881 Debian Security Information: DSA-3894 (Google Search) https://www.debian.org/security/2017/dsa-3894 Debian Security Information: DSA-3918 (Google Search) https://www.debian.org/security/2017/dsa-3918 https://security.gentoo.org/glsa/201710-13 RedHat Security Advisories: RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1440 RedHat Security Advisories: RHSA-2017:1561 https://access.redhat.com/errata/RHSA-2017:1561 RedHat Security Advisories: RHSA-2017:1793 https://access.redhat.com/errata/RHSA-2017:1793 http://www.securitytracker.com/id/1038689 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |