Executive Summary

Summary
Title graphite2 vulnerabilities
Informations
Name USN-2927-1 First vendor Publication 2016-03-14
Vendor Ubuntu Last vendor Modification 2016-03-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10 - Ubuntu 14.04 LTS

Summary:

graphite2 could be made to crash or run programs as your login if it opened a specially crafted font.

Software Description: - graphite2: Font rendering engine for Complex Scripts

Details:

It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
libgraphite2-3 1.3.6-1ubuntu0.15.10.1

Ubuntu 14.04 LTS:
libgraphite2-3 1.3.6-1ubuntu0.14.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart applications using graphite2, such as LibreOffice, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2927-1
CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,
CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,
CVE-2016-2801, CVE-2016-2802

Package Information:
https://launchpad.net/ubuntu/+source/graphite2/1.3.6-1ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/graphite2/1.3.6-1ubuntu0.14.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-2927-1

CWE : Common Weakness Enumeration

% Id Name
86 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14 % CWE-19 Data Handling

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 428
Application 13
Application 3
Os 1
Os 2
Os 3
Os 1

Snort® IPS/IDS

Date Description
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41197 - Revision : 5 - Type : FILE-PDF
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41196 - Revision : 5 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2016-1002.nasl - Type : ACT_GATHER_INFO
2017-01-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-63.nasl - Type : ACT_GATHER_INFO
2016-07-11 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-851.nasl - Type : ACT_GATHER_INFO
2016-07-11 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-848.nasl - Type : ACT_GATHER_INFO
2016-05-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201605-06.nasl - Type : ACT_GATHER_INFO
2016-05-02 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2934-1.nasl - Type : ACT_GATHER_INFO
2016-04-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2917-3.nasl - Type : ACT_GATHER_INFO
2016-04-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2917-2.nasl - Type : ACT_GATHER_INFO
2016-04-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0909-1.nasl - Type : ACT_GATHER_INFO
2016-03-28 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-402.nasl - Type : ACT_GATHER_INFO
2016-03-25 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-395.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0820-1.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3520.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2016-0460.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0777-1.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160316_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0460.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2016-0460.nasl - Type : ACT_GATHER_INFO
2016-03-15 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2927-1.nasl - Type : ACT_GATHER_INFO
2016-03-15 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0727-1.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-334.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-332.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3515.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_38_7_esr.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_38_7_esr.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_45.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_45.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2917-1.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160309_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2016-0373.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3510.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2016-0373.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0373.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_adffe823e6924921ae9c0b825c218372.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-03-16 17:27:20
  • Multiple Updates
2016-03-16 13:26:09
  • Multiple Updates
2016-03-14 17:23:01
  • First insertion