graphite2 - security update

2016-02-1500:00:00

Google

osv.dev

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Multiple vulnerabilities have been found in the Graphite font rendering
engine which might result in denial of service or the execution of
arbitrary code if a malformed font file is processed.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.3.5-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 1.3.5-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 1.3.5-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.5-1.

We recommend that you upgrade your graphite2 packages.

CPENameOperatorVersion
graphite2eq1.3.2-3
graphite2eq1.3.0-1
graphite2eq1.3.0-2
graphite2eq1.3.3-1
graphite2eq1.2.4-3
graphite2eq1.3.5-1~deb7u1
graphite2eq1.3.2-4
graphite2eq1.3.4-1
graphite2eq1.3.2-1
graphite2eq1.3.4-2

Name	Operator	Version
graphite2	eq	1.3.2-3
graphite2	eq	1.3.0-1
graphite2	eq	1.3.0-2
graphite2	eq	1.3.3-1
graphite2	eq	1.2.4-3
graphite2	eq	1.3.5-1~deb7u1
graphite2	eq	1.3.2-4
graphite2	eq	1.3.4-1
graphite2	eq	1.3.2-1
graphite2	eq	1.3.4-2