You are here
Home > Preporuke > Ranjivosti programskog paketa graphite2

Ranjivosti programskog paketa graphite2

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2016-02-21 16:23:38.006893

Name : graphite2
Product : Fedora 23
Version : 1.3.5
Release : 1.fc23
Summary : Font rendering capabilities for complex non-Roman writing systems
Description :
Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language
Software Development groups to provide rendering capabilities for complex
non-Roman writing systems. Graphite can be used to create “smart fonts” capable
of displaying writing systems with various complex behaviors. With respect to
the Text Encoding Model, Graphite handles the “Rendering” aspect of writing
system implementation.

Update Information:

Security fix for CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 and CVE-2016-1526

[ 1 ] Bug #1305806 – CVE-2016-1521 graphite2: Two out-of-bound read vulnerabilities triggered by crafted fonts [fedora-all]
[ 2 ] Bug #1308591 – CVE-2016-1526 graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup [fedora-all]
[ 3 ] Bug #1305814 – CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality [fedora-all]
[ 4 ] Bug #1305811 – CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities [fedora-all]

This update can be installed with the “yum” update program. Use
su -c ‘yum update graphite2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorTomislav Protega
Cert idNCERT-REF-2016-02-0014-ADV
CveCVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526
ID izvornikaFEDORA-2016-4154
More in Preporuke
Sigurnosni nedostaci programskog paketa qemu

Otkriveni su sigurnosni nedostaci u programskom paketu qemu za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...