ALT-BU-2017-3154-1
Branch p8 update bulletin.
Package libgraphite2 updated to version 1.3.10-alt0.M80P.1 for branch p8 in task 183731.
Closed vulnerabilities
BDU:2019-00228
Vulnerability in the lz4::decompress function of the Graphite 2 library in the Mozilla Firefox and Mozilla Firefox ESR browsers, allowing an attacker to cause a denial of service or execute arbitrary code
BDU:2019-00229
Vulnerability in graphite2::Silf::readGraphite of the Graphite 2 library in the Mozilla Firefox and Mozilla Firefox ESR browsers, allowing an attacker to cause a denial of service or execute arbitrary code
BDU:2019-00230
Vulnerability in the lz4::decompress function of the Graphite 2 library in the Mozilla Firefox and Mozilla Firefox ESR browsers, allowing an attacker to cause a denial of service or execute arbitrary code
Modified: 2024-11-21
CVE-2017-7771
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
Modified: 2024-11-21
CVE-2017-7772
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
Modified: 2024-11-21
CVE-2017-7773
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
Modified: 2024-11-21
CVE-2017-7774
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
Modified: 2024-11-21
CVE-2017-7776
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
Modified: 2024-11-21
CVE-2017-7777
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
Modified: 2024-11-21
CVE-2017-7778
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
- 99057
- 1038689
- RHSA-2017:1440
- RHSA-2017:1561
- RHSA-2017:1793
- https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
- https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
- https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
- https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
- https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
- https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
- https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
- https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
- GLSA-201710-13
- DSA-3881
- DSA-3894
- DSA-3918
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
- https://www.mozilla.org/security/advisories/mfsa2017-17/
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-9545
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.