Graphite2 could be made to crash if it opened a specially crafted file.

=========================================================================
Ubuntu Security Notice USN-5657-1
October 05, 2022

graphite2 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Graphite2 could be made to crash if it opened a specially crafted file.

Software Description:
- graphite2: Font rendering engine for Complex Scripts

Details:

It was discovered that Graphite2 mishandled specially crafted files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libgraphite2-3 1.3.10-0ubuntu0.16.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  CVE-2018-7999

The recent notification regarding a Graphite2 security flaw in Ubuntu systems uncovers a risk of denial of service stemming from improper file management.

Graphite2 Issue, Denial Of Service, Ubuntu Advisory.

Severity: Critical.

LinuxSecurity.com Team

CentOS Errata and Security Advisory 2017:1793 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:1793

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
c3e6a22ff94cc8f2dff08a00f4fb2bdf24dad7c113f2e92e57ab2d58f2395b0c  graphite2-1.3.10-1.el7_3.i686.rpm
06cc9092a8016778f4708c4d6443e76e4bc628b047dc83af8155ee694e6035df  graphite2-1.3.10-1.el7_3.x86_64.rpm
9b929a1b6f97f17de020928bc2d58db1d98a975bcbd49eccbc9e14ac240c061e  graphite2-devel-1.3.10-1.el7_3.i686.rpm
0f0ffdc164dc72b02f7de2147b50b1db15f3c5597d6cd34de7788a4804c8da30  graphite2-devel-1.3.10-1.el7_3.x86_64.rpm

Source:
346757f69f162461ef4a26d2e08994c53837f4858c5a64fc46d0e483f522f2b5  graphite2-1.3.10-1.el7_3.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #

Synopsis: Important: graphite2 security update
Advisory ID: SLSA-2017:1793-1
Issue Date: 2017-07-21
CVE Numbers: CVE-2017-7778 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777
--

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)
--

SL7
  x86_64
    graphite2-1.3.10-1.el7_3.i686.rpm
    graphite2-1.3.10-1.el7_3.x86_64.rpm
    graphite2-debuginfo-1.3.10-1.el7_3.i686.rpm
    graphite2-debuginfo-1.3.10-1.el7_3.x86_64.rpm
    graphite2-devel-1.3.10-1.el7_3.i686.rpm
    graphite2-devel-1.3.10-1.el7_3.x86_64.rpm

- Scientific Linux Development Team

Essential graphite2 patch enhances security by addressing multiple vulnerabilities affecting user applications. An upgrade is recommended to ensure maximum safety.

Graphite2 Update, Security Advisory, SL7 Update, Application Vulnerabilities.

Severity: Important.

LinuxSecurity.com Team

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

Package : graphite2
Version : 1.3.10-1~deb7u1
CVE ID  : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

For Debian 7 "Wheezy", these problems have been fixed in version 1.3.10-1~deb7u1.

We recommend that you upgrade your graphite2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Upgrade the graphite2 package on your Debian 7 system to boost security and fix vulnerabilities that may lead to denial of service or code execution risks. Follow the steps below.

Graphite2 Security Update, Debian LTS Advisory, Denial of Service, Security Patch.

LinuxSecurity.com Team

Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

Debian Security Advisory DSA-3894-1

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for graphite2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1273-1
Rating:             important
References:         #1035204
Cross-References:   CVE-2017-5436
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for graphite2 fixes one issue.

This security issue was fixed:

- CVE-2017-5436: An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution (bsc#1035204).

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:
    zypper in -t patch openSUSE-2017-570=1
- openSUSE Leap 42.1:
    zypper in -t patch openSUSE-2017-570=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (i586 x86_64):
    graphite2-1.3.1-4.3.1
    graphite2-debuginfo-1.3.1-4.3.1
    graphite2-debugsource-1.3.1-4.3.1
    graphite2-devel-1.3.1-4.3.1
    libgraphite2-3-1.3.1-4.3.1
    libgraphite2-3-debuginfo-1.3.1-4.3.1
- openSUSE Leap 42.2 (x86_64):
    libgraphite2-3-32bit-1.3.1-4.3.1
    libgraphite2-3-debuginfo-32bit-1.3.1-4.3.1
- openSUSE Leap 42.1 (i586 x86_64):
    graphite2-1.3.1-6.1
    graphite2-debuginfo-1.3.1-6.1
    graphite2-debugsource-1.3.1-6.1
    graphite2-devel-1.3.1-6.1
    libgraphite2-3-1.3.1-6.1
    libgraphite2-3-debuginfo-1.3.1-6.1
- openSUSE Leap 42.1 (x86_64):
    libgraphite2-3-32bit-1.3.1-6.1
    libgraphite2-3-debuginfo-32bit-1.3.1-6.1

References:

  https://www.suse.com/security/cve/CVE-2017-5436.html
  https://bugzilla.suse.com/1035204

The recent update for graphite2 addresses a critical security vulnerability, as detailed in announcement ID openSUSE-SU-2017:1273-1.

openSUSE, graphite2, important patch, code execution fix.

Severity: Important.

LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for graphite2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1149-1
Rating:             important
References:         #1035204
Cross-References:   CVE-2017-5436
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for graphite2 fixes one issue.

This security issue was fixed:

- CVE-2017-5436: An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution (bsc#1035204).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-668=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-668=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-668=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-668=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-668=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-668=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-668=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.1-9.1
    graphite2-debugsource-1.3.1-9.1
    graphite2-devel-1.3.1-9.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.1-9.1
    graphite2-debugsource-1.3.1-9.1
    graphite2-devel-1.3.1-9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    graphite2-debuginfo-1.3.1-9.1
    graphite2-debugsource-1.3.1-9.1
    libgraphite2-3-1.3.1-9.1
    libgraphite2-3-debuginfo-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    graphite2-debuginfo-1.3.1-9.1
    graphite2-debugsource-1.3.1-9.1
    libgraphite2-3-1.3.1-9.1
    libgraphite2-3-debuginfo-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
    libgraphite2-3-32bit-1.3.1-9.1
    libgraphite2-3-debuginfo-32bit-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    graphite2-debuginfo-1.3.1-9.1
    graphite2-debugsource-1.3.1-9.1
    libgraphite2-3-1.3.1-9.1
    libgraphite2-3-debuginfo-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
    libgraphite2-3-32bit-1.3.1-9.1
    libgraphite2-3-debuginfo-32bit-1.3.1-9.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    graphite2-debuginfo-1.3.1-9.1
    graphite2-debugsource-1.3.1-9.1
    libgraphite2-3-1.3.1-9.1
    libgraphite2-3-32bit-1.3.1-9.1
    libgraphite2-3-debuginfo-1.3.1-9.1
    libgraphite2-3-debuginfo-32bit-1.3.1-9.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    graphite2-debuginfo-1.3.1-9.1
    graphite2-debugsource-1.3.1-9.1
    libgraphite2-3-1.3.1-9.1
    libgraphite2-3-32bit-1.3.1-9.1
    libgraphite2-3-debuginfo-1.3.1-9.1
    libgraphite2-3-debuginfo-32bit-1.3.1-9.1

References:

  https://www.suse.com/security/cve/CVE-2017-5436.html
  https://bugzilla.suse.com/1035204

Critical patch released for graphite2 on SUSE: addresses serious vulnerabilities that could result in system instability or unauthorized code execution.

SUSE Security Update, Graphite2 Fix, Critical Security Patch.

Severity: Important.

LinuxSecurity.com Team

Important: graphite2 security, bug fix, and

Date: Wed, 6 Apr 2016 14:46:17 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: graphite2 on SL7.x x86_64

Synopsis: Important: graphite2 security, bug fix, and
Advisory ID: SLSA-2016:0594-1
Issue Date: 2016-04-06
CVE Numbers: CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526
--

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.6).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)
--

SL7
  x86_64
    graphite2-1.3.6-1.el7_2.i686.rpm
    graphite2-1.3.6-1.el7_2.x86_64.rpm
    graphite2-debuginfo-1.3.6-1.el7_2.i686.rpm
    graphite2-debuginfo-1.3.6-1.el7_2.x86_64.rpm
    graphite2-devel-1.3.6-1.el7_2.i686.rpm
    graphite2-devel-1.3.6-1.el7_2.x86_64.rpm

- Scientific Linux Development Team

Security notice regarding graphite2 on Scientific Linux SL7.x x86_64, addressing severe vulnerabilities that may result in unauthorized code execution.

Graphite2 Security, Scientific Linux Updates, Critical Security Advisory.

Severity: Important.

LinuxSecurity.com Team