Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.851237
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory for graphite2 (SUSE-SU-2016:0779-1)
Zusammenfassung:The remote host is missing an update for the 'graphite2'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'graphite2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for graphite2 fixes the following issues:

- CVE-2016-1521: The directrun function in directmachine.cpp in
Libgraphite did not validate a certain skip operation, which allowed
remote attackers to execute arbitrary code, obtain sensitive information,
or cause a denial of service (out-of-bounds read and application crash)
via a crafted Graphite smart font.

- CVE-2016-1523: The SillMap::readFace function in FeatureMap.cpp in
Libgraphite mishandled a return value, which allowed remote attackers to
cause a denial of service (missing initialization, NULL pointer
dereference, and application crash) via a crafted Graphite smart font.

- CVE-2016-1526: The TtfUtil:LocaLookup function in TtfUtil.cpp in
Libgraphite incorrectly validated a size value, which allowed remote
attackers to obtain sensitive information or cause a denial of service
(out-of-bounds read and application crash) via a crafted Graphite smart
font.

Affected Software/OS:
graphite2 on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1521
BugTraq ID: 82991
http://www.securityfocus.com/bid/82991
Debian Security Information: DSA-3479 (Google Search)
http://www.debian.org/security/2016/dsa-3479
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
https://security.gentoo.org/glsa/201701-35
https://security.gentoo.org/glsa/201701-63
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
RedHat Security Advisories: RHSA-2016:0197
http://rhn.redhat.com/errata/RHSA-2016-0197.html
RedHat Security Advisories: RHSA-2016:0258
http://rhn.redhat.com/errata/RHSA-2016-0258.html
RedHat Security Advisories: RHSA-2016:0594
http://rhn.redhat.com/errata/RHSA-2016-0594.html
SuSE Security Announcement: SUSE-SU-2016:0779 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
SuSE Security Announcement: openSUSE-SU-2016:0791 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
SuSE Security Announcement: openSUSE-SU-2016:0875 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html
http://www.ubuntu.com/usn/USN-2902-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1523
Debian Security Information: DSA-3477 (Google Search)
http://www.debian.org/security/2016/dsa-3477
Debian Security Information: DSA-3491 (Google Search)
http://www.debian.org/security/2016/dsa-3491
https://security.gentoo.org/glsa/201605-06
http://www.securitytracker.com/id/1035017
SuSE Security Announcement: SUSE-SU-2016:0554 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00053.html
SuSE Security Announcement: SUSE-SU-2016:0564 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00055.html
http://www.ubuntu.com/usn/USN-2904-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1526
RedHat Security Advisories: RHSA-2016:0695
http://rhn.redhat.com/errata/RHSA-2016-0695.html
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.