[GLSA-201710-13] Graphite: Multiple vulnerabilities
Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code.
Background
Graphite is a “smart font” system developed specifically to handle
the complexities of lesser-known languages of the world.
Description
Multiple vulnerabilities have been discovered in Graphite. Please review
the referenced CVE identifiers for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or have
other unspecified impacts.
Workaround
There is no known workaround at this time.
Resolution
All Graphite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphite2-1.3.10"
Package | Affected Version |
---|---|
pkg:ebuild/media-gfx/graphite2?distro=gentoo | < 1.3.10 |
Package | Unaffected Version |
---|---|
pkg:ebuild/media-gfx/graphite2?distro=gentoo | >= 1.3.10 |
- ID
- GLSA-201710-13
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/201710-13
- Published
-
2017-10-13T00:00:00
(7 years ago) - Modified
-
2017-10-13T00:00:00
(7 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
- ALAS-2017-872
- ASA-201706-19
- ASA-201706-20
- DSA-3881-1
- DSA-3894-1
- DSA-3918-1
- ELSA-2017-1440
- ELSA-2017-1561
- ELSA-2017-1793
- FEDORA-2017-03ef6281a8
- FEDORA-2017-d739368f0d
- FEDORA-2017-e0a9e51dd5
- FREEBSD:6CEC1B0A-DA15-467D-8691-1DEA392D4C8D
- GLSA-201802-03
- MFSA-2017-15
- MFSA-2017-16
- MFSA-2017-17
- openSUSE-SU-2017:1579-1
- RHSA-2017:1440
- RHSA-2017:1561
- RHSA-2017:1793
- SUSE-SU-2017:1669-1
- SUSE-SU-2017:2235-1
- USN-3315-1
- USN-3321-1
- USN-3398-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2017-7771 | CVE-2017-7771 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7771 |
CVE | CVE-2017-7772 | CVE-2017-7772 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7772 |
CVE | CVE-2017-7773 | CVE-2017-7773 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7773 |
CVE | CVE-2017-7774 | CVE-2017-7774 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7774 |
CVE | CVE-2017-7775 | CVE-2017-7775 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7775 |
CVE | CVE-2017-7776 | CVE-2017-7776 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7776 |
CVE | CVE-2017-7777 | CVE-2017-7777 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7777 |
CVE | CVE-2017-7778 | CVE-2017-7778 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7778 |
Bugzilla | 621724 | Bugzilla #621724 | https://bugs.gentoo.org/show_bug.cgi?id=621724 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |