SCIENTIFIC-LINUX-ERRATA Archives

July 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Fri, 21 Jul 2017 13:55:10 -0000

Synopsis:          Important: graphite2 security update
Advisory ID:       SLSA-2017:1793-1
Issue Date:        2017-07-21
CVE Numbers:       CVE-2017-7778
                   CVE-2017-7771
                   CVE-2017-7772
                   CVE-2017-7773
                   CVE-2017-7774
                   CVE-2017-7775
                   CVE-2017-7776
                   CVE-2017-7777
--

The following packages have been upgraded to a newer upstream version:
graphite2 (1.3.10).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker
able to trick an unsuspecting user into opening specially crafted font
files in an application using Graphite2 could exploit these flaws to
disclose potentially sensitive memory, cause an application crash, or,
possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777,
CVE-2017-7778)
--

SL7
  x86_64
    graphite2-1.3.10-1.el7_3.i686.rpm
    graphite2-1.3.10-1.el7_3.x86_64.rpm
    graphite2-debuginfo-1.3.10-1.el7_3.i686.rpm
    graphite2-debuginfo-1.3.10-1.el7_3.x86_64.rpm
    graphite2-devel-1.3.10-1.el7_3.i686.rpm
    graphite2-devel-1.3.10-1.el7_3.x86_64.rpm

- Scientific Linux Development Team
