==========================================================================
Ubuntu Security Notice USN-2902-1
February 17, 2016

graphite2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.10
– Ubuntu 14.04 LTS

Summary:

graphite2 could be made to crash or run programs as your login if it
opened a specially crafted font.

Software Description:
– graphite2: Font rendering engine for Complex Scripts

Details:

Yves Younan discovered that graphite2 incorrectly handled certain malformed
fonts. If a user or automated system were tricked into opening a specially-
crafted font file, a remote attacker could use this issue to cause
graphite2 to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
libgraphite2-3 1.2.4-3ubuntu1.1

Ubuntu 14.04 LTS:
libgraphite2-3 1.2.4-1ubuntu1.1

After a standard system update you need to restart applications using
graphite2, such as LibreOffice, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2902-1
CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526

Package Information:
https://launchpad.net/ubuntu/+source/graphite2/1.2.4-3ubuntu1.1
https://launchpad.net/ubuntu/+source/graphite2/1.2.4-1ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWxJYLAAoJEGVp2FWnRL6T7U8P/2hCxN+b5DxB6OcQUnKADB7g
CcGTivf33sIPyVjUGaQZuEUjBeMXJnkk5LXgx8wIEt5sktjJlXGqTLp5ivTabyZV
2xAXJ8QugDt5H1y9hqpsttr2XRSR2lIUKMiHhXlJT1WuuCsqAOpfQboA8DUywAlf
Uam5IRGVMyBEAADUw+DT8QtbA9bj8gEAMEOkU40VlGTUDKiWRnkxrqOZztkr0GsZ
CXYTTktQW9IhBxyCng72gZzgQhRojV2ipB129KRWPGdPbT03m4iuRukdvNUiqU5A
MMWCGdK0lvyPdaUWB3DwAHRnA0DT+ohy51/t3YQzCodKFapgHNhoOHNhovFq0YGu
VvEjUa/PK4ey76ug/7bYKlM8qz9TLa27N7pYltx3uhATtuDs8/r0S2DKD2mmZ60W
BhKDhFSUIzcX7m3bKjXdV4sGJOXtXsUGJAtnYT552DvJy0h16cMsMRo6N7Cnemrl
f3IRyt05p30WORu5udw2Q1zNpX+3dxsJVUzBWeR2HJlnxqM+Z8TNPlPTUY/jVOdE
4RtWlF1AH/Y6dYbB0MqddfK+tewOO25IrM6EyJJDNVp0/mk33XMrLBBpO6fvYCRu
cYzymLbKktMh2scj/m73b++eUvciWBlXarG2Rx01AgwejlZm/jh8tHxoGxyWEX+W
3yFMdyE5g3eSOiuk1UIT
=AXTZ
—–END PGP SIGNATURE—–
—