ALT Linux Team

Package thunderbird update in p7 on 2016-02-21

ALT-PU-2016-1142-1

Package thunderbird updated to version 38.6.0-alt0.M70P.1 for branch p7 in task 159759.

Closed vulnerabilities

Published: 2016-02-13

BDU:2016-00573

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании, получить конфиденциальную информацию или выполнить произвольный код

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
Published: 2016-02-13

BDU:2016-00574

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
Published: 2016-02-13

BDU:2016-00575

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2016-02-13

BDU:2016-00576

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или получить конфиденциальную информацию

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
References:
Published: 2016-02-13
Modified: 2025-04-12

CVE-2016-1521

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-02-13
Modified: 2025-04-12

CVE-2016-1522

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-02-13
Modified: 2025-04-12

CVE-2016-1523

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2016-02-13
Modified: 2025-04-12

CVE-2016-1526

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:

MFSA 2015-15

No data currently available.

MFSA 2016-01

No data currently available.

MFSA 2016-03

No data currently available.

MFSA 2016-14

No data currently available.

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top