[GLSA-201710-13] Graphite: Multiple vulnerabilities

Severity Normal

Affected Packages 1

Unaffected Packages 1

CVEs 8

Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code.

Background
Graphite is a “smart font” system developed specifically to handle
the complexities of lesser-known languages of the world.

Description
Multiple vulnerabilities have been discovered in Graphite. Please review
the referenced CVE identifiers for details.

Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or have
other unspecified impacts.

Workaround
There is no known workaround at this time.

Resolution
All Graphite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphite2-1.3.10"

Package	Affected Version
pkg:ebuild/media-gfx/graphite2?distro=gentoo	< 1.3.10

Package	Unaffected Version
pkg:ebuild/media-gfx/graphite2?distro=gentoo	>= 1.3.10

ID

GLSA-201710-13

Severity

normal

URL

https://security.gentoo.org/glsa/201710-13

Published

2017-10-13T00:00:00
(7 years ago)

Modified

2017-10-13T00:00:00
(7 years ago)

Rights

Gentoo Foundation, Inc.

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2017-7771	CVE-2017-7771	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7771
CVE	CVE-2017-7772	CVE-2017-7772	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7772
CVE	CVE-2017-7773	CVE-2017-7773	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7773
CVE	CVE-2017-7774	CVE-2017-7774	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7774
CVE	CVE-2017-7775	CVE-2017-7775	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7775
CVE	CVE-2017-7776	CVE-2017-7776	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7776
CVE	CVE-2017-7777	CVE-2017-7777	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7777
CVE	CVE-2017-7778	CVE-2017-7778	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7778
Bugzilla	621724	Bugzilla #621724	https://bugs.gentoo.org/show_bug.cgi?id=621724

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:ebuild/media-gfx/graphite2?distro=gentoo	media-gfx	graphite2	< 1.3.10	gentoo
Unaffected	pkg:ebuild/media-gfx/graphite2?distro=gentoo	media-gfx	graphite2	>= 1.3.10	gentoo

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date