Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871846
Category:Red Hat Local Security Checks
Title:RedHat Update for graphite2 RHSA-2017:1793-01
Summary:The remote host is missing an update for the 'graphite2'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'graphite2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Graphite2 is a project within SIL's Non-Roman
Script Initiative and Language Software Development groups to provide rendering
capabilities for complex non-Roman writing systems. Graphite can be used to create
'smart fonts' capable of displaying writing systems with various complex
behaviors. With respect to the Text Encoding Model, Graphite handles the
'Rendering' aspect of writing system implementation.

The following packages have been upgraded to a newer upstream version:
graphite2 (1.3.10).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker
able to trick an unsuspecting user into opening specially crafted font
files in an application using Graphite2 could exploit these flaws to
disclose potentially sensitive memory, cause an application crash, or,
possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,
CVE-2017-7778)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original
reporters of these issues.

Affected Software/OS:
graphite2 on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-7771
Common Vulnerability Exposure (CVE) ID: CVE-2017-7772
Common Vulnerability Exposure (CVE) ID: CVE-2017-7773
Common Vulnerability Exposure (CVE) ID: CVE-2017-7774
Common Vulnerability Exposure (CVE) ID: CVE-2017-7775
Common Vulnerability Exposure (CVE) ID: CVE-2017-7776
Common Vulnerability Exposure (CVE) ID: CVE-2017-7777
Common Vulnerability Exposure (CVE) ID: CVE-2017-7778
BugTraq ID: 99057
http://www.securityfocus.com/bid/99057
Debian Security Information: DSA-3881 (Google Search)
https://www.debian.org/security/2017/dsa-3881
Debian Security Information: DSA-3894 (Google Search)
https://www.debian.org/security/2017/dsa-3894
Debian Security Information: DSA-3918 (Google Search)
https://www.debian.org/security/2017/dsa-3918
https://security.gentoo.org/glsa/201710-13
RedHat Security Advisories: RHSA-2017:1440
https://access.redhat.com/errata/RHSA-2017:1440
RedHat Security Advisories: RHSA-2017:1561
https://access.redhat.com/errata/RHSA-2017:1561
RedHat Security Advisories: RHSA-2017:1793
https://access.redhat.com/errata/RHSA-2017:1793
http://www.securitytracker.com/id/1038689
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.