Описание
Security update for graphite2
This update for graphite2 fixes the following issues:
- CVE-2018-7999: Fixed a NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of serivce (bsc#1084850).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libgraphite2-3-1.3.1-10.3.1
libgraphite2-3-32bit-1.3.1-10.3.1
SUSE Linux Enterprise Desktop 12 SP3
libgraphite2-3-1.3.1-10.3.1
libgraphite2-3-32bit-1.3.1-10.3.1
SUSE Linux Enterprise Server 12 SP2
libgraphite2-3-1.3.1-10.3.1
libgraphite2-3-32bit-1.3.1-10.3.1
SUSE Linux Enterprise Server 12 SP3
libgraphite2-3-1.3.1-10.3.1
libgraphite2-3-32bit-1.3.1-10.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libgraphite2-3-1.3.1-10.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libgraphite2-3-1.3.1-10.3.1
libgraphite2-3-32bit-1.3.1-10.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libgraphite2-3-1.3.1-10.3.1
libgraphite2-3-32bit-1.3.1-10.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
graphite2-devel-1.3.1-10.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
graphite2-devel-1.3.1-10.3.1
Ссылки
- Link for SUSE-SU-2018:0858-1
- E-Mail link for SUSE-SU-2018:0858-1
- SUSE Security Ratings
- SUSE Bug 1084850
- SUSE CVE CVE-2018-7999 page
Описание
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libgraphite2-3-1.3.1-10.3.1
SUSE Linux Enterprise Desktop 12 SP2:libgraphite2-3-32bit-1.3.1-10.3.1
SUSE Linux Enterprise Desktop 12 SP3:libgraphite2-3-1.3.1-10.3.1
SUSE Linux Enterprise Desktop 12 SP3:libgraphite2-3-32bit-1.3.1-10.3.1
Ссылки
- CVE-2018-7999
- SUSE Bug 1084850