2016-02-14
ALT-BU-2016-2582-1
Branch sisyphus update bulletin.
Package firefox-esr updated to version 38.6.1-alt1 for branch sisyphus in task 158840.
Closed vulnerabilities
Published: 2016-02-13
BDU:2016-00574
Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: CRITICAL (9.3)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
Published: 2016-02-13
BDU:2016-00575
Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2016-02-13
BDU:2016-00576
Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или получить конфиденциальную информацию
Severity: MEDIUM (5.8)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
References:
Published: 2016-02-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-1522
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.
Severity: CRITICAL (9.3)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
- http://rhn.redhat.com/errata/RHSA-2016-0197.html
- http://rhn.redhat.com/errata/RHSA-2016-0258.html
- http://rhn.redhat.com/errata/RHSA-2016-0594.html
- http://www.debian.org/security/2016/dsa-3479
- http://www.mozilla.org/security/announce/2016/mfsa2016-14.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/82991
- http://www.ubuntu.com/usn/USN-2902-1
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-63
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
- http://rhn.redhat.com/errata/RHSA-2016-0197.html
- http://rhn.redhat.com/errata/RHSA-2016-0258.html
- http://rhn.redhat.com/errata/RHSA-2016-0594.html
- http://www.debian.org/security/2016/dsa-3479
- http://www.mozilla.org/security/announce/2016/mfsa2016-14.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/82991
- http://www.ubuntu.com/usn/USN-2902-1
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-63
Published: 2016-02-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-1523
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html
- http://rhn.redhat.com/errata/RHSA-2016-0197.html
- http://rhn.redhat.com/errata/RHSA-2016-0258.html
- http://rhn.redhat.com/errata/RHSA-2016-0594.html
- http://www.debian.org/security/2016/dsa-3477
- http://www.debian.org/security/2016/dsa-3479
- http://www.debian.org/security/2016/dsa-3491
- http://www.mozilla.org/security/announce/2016/mfsa2016-14.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/82991
- http://www.securitytracker.com/id/1035017
- http://www.ubuntu.com/usn/USN-2902-1
- http://www.ubuntu.com/usn/USN-2904-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1246093
- https://security.gentoo.org/glsa/201605-06
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-63
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html
- http://rhn.redhat.com/errata/RHSA-2016-0197.html
- http://rhn.redhat.com/errata/RHSA-2016-0258.html
- http://rhn.redhat.com/errata/RHSA-2016-0594.html
- http://www.debian.org/security/2016/dsa-3477
- http://www.debian.org/security/2016/dsa-3479
- http://www.debian.org/security/2016/dsa-3491
- http://www.mozilla.org/security/announce/2016/mfsa2016-14.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/82991
- http://www.securitytracker.com/id/1035017
- http://www.ubuntu.com/usn/USN-2902-1
- http://www.ubuntu.com/usn/USN-2904-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1246093
- https://security.gentoo.org/glsa/201605-06
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-63
Published: 2016-02-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-1526
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
Severity: MEDIUM (5.8)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Severity: HIGH (8.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html
- http://rhn.redhat.com/errata/RHSA-2016-0594.html
- http://rhn.redhat.com/errata/RHSA-2016-0695.html
- http://www.debian.org/security/2016/dsa-3479
- http://www.mozilla.org/security/announce/2016/mfsa2016-14.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/82991
- http://www.ubuntu.com/usn/USN-2902-1
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-63
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html
- http://rhn.redhat.com/errata/RHSA-2016-0594.html
- http://rhn.redhat.com/errata/RHSA-2016-0695.html
- http://www.debian.org/security/2016/dsa-3479
- http://www.mozilla.org/security/announce/2016/mfsa2016-14.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/82991
- http://www.ubuntu.com/usn/USN-2902-1
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-63
No data currently available.
Package xfce4-panel updated to version 4.12.0-alt3 for branch sisyphus in task 158837.
Closed bugs
Не работает, хотя лезет
Closed vulnerabilities
Published: 2016-02-17
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2013-7447
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00010.html
- http://www.openwall.com/lists/oss-security/2016/02/10/2
- http://www.openwall.com/lists/oss-security/2016/02/10/6
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/83239
- http://www.ubuntu.com/usn/USN-2898-1
- http://www.ubuntu.com/usn/USN-2898-2
- https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
- https://bugzilla.gnome.org/show_bug.cgi?id=703220
- https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
- https://git.gnome.org/browse/gtk+/tree/NEWS
- https://github.com/mate-desktop/eom/issues/93
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00010.html
- http://www.openwall.com/lists/oss-security/2016/02/10/2
- http://www.openwall.com/lists/oss-security/2016/02/10/6
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/83239
- http://www.ubuntu.com/usn/USN-2898-1
- http://www.ubuntu.com/usn/USN-2898-2
- https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
- https://bugzilla.gnome.org/show_bug.cgi?id=703220
- https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
- https://git.gnome.org/browse/gtk+/tree/NEWS
- https://github.com/mate-desktop/eom/issues/93