Gentoo Linux Security Advisory 201701-63 - Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.3.7 are affected.
757f34c27a3b3147e33cf6b8228d59efe5f86a09ecd02431cd1f5343997a83f3
Gentoo Linux Security Advisory 201701-35 - Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.46-r1 are affected.
edb4103926996cc60bdbdba4e04c9d073a6b3369fcdbbd4d3088d21fac388142
Red Hat Security Advisory 2016-0594-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2.
8245e814f0ff3ac5cb5d50adb975b1e87e9aa2734b464dc080a69a685a6503bf
Ubuntu Security Notice 2904-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
00e2112e476b8ee0ea01963d5d54a9bcdbba8012f5b17c74973a114b0b5d54cb
Debian Linux Security Advisory 3491-1 - Multiple security issues have been found in Icedove, Debian's version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
da789ff35efec29f4e4ba6d3ad8fcb7147acd2e8c11c35d4d42e58f5405efaec
Ubuntu Security Notice 2902-1 - Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
4ecb16d84a83cc63b11ddbf287df3bdab9b45a54ffb4113420c9511004c21441
Debian Linux Security Advisory 3479-1 - Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
d0e73d830bd0e10c507af71634a239a6ec899c968bbef3b77e0a766de4cc3467
Red Hat Security Advisory 2016-0197-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.6.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
936e217edeec064168d70fd655575a6acf9b4b927ff160b116e6463eddbf5ad3
Debian Linux Security Advisory 3477-1 - Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code.
f8fcce3447a12964a1c43791e3575e4eace08da6d78d9e251dbdcc8024254b2b