Vulnerabilities > CVE-2016-1526 - Information Exposure vulnerability in multiple products

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
debian
mozilla
sil
fedoraproject
CWE-200
nessus

Summary

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Vulnerable Configurations

Part Description Count
OS
Debian
2
OS
Fedoraproject
2
Application
Mozilla
279
Application
Sil
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0594.NASL
    descriptionFrom Red Hat Security Advisory 2016:0594 : An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Graphite2 is a project within SIL
    last seen2020-06-01
    modified2020-06-02
    plugin id90384
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90384
    titleOracle Linux 7 : graphite2 (ELSA-2016-0594)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:0594 and 
    # Oracle Linux Security Advisory ELSA-2016-0594 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90384);
      script_version("2.6");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-1521", "CVE-2016-1522", "CVE-2016-1523", "CVE-2016-1526");
      script_xref(name:"RHSA", value:"2016:0594");
    
      script_name(english:"Oracle Linux 7 : graphite2 (ELSA-2016-0594)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:0594 :
    
    An update for graphite2 is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Graphite2 is a project within SIL's Non-Roman Script Initiative and
    Language Software Development groups to provide rendering capabilities
    for complex non-Roman writing systems. Graphite can be used to create
    'smart fonts' capable of displaying writing systems with various
    complex behaviors. With respect to the Text Encoding Model, Graphite
    handles the 'Rendering' aspect of writing system implementation.
    
    The following packages have been upgraded to a newer upstream version:
    graphite2 (1.3.6).
    
    Security Fix(es) :
    
    * Various vulnerabilities have been discovered in Graphite2. An
    attacker able to trick an unsuspecting user into opening specially
    crafted font files in an application using Graphite2 could exploit
    these flaws to cause the application to crash or, potentially, execute
    arbitrary code with the privileges of the application. (CVE-2016-1521,
    CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-April/005941.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected graphite2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:graphite2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:graphite2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"graphite2-1.3.6-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"graphite2-devel-1.3.6-1.el7_2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "graphite2 / graphite2-devel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0594.NASL
    descriptionAn update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Graphite2 is a project within SIL
    last seen2020-06-01
    modified2020-06-02
    plugin id90368
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90368
    titleCentOS 7 : graphite2 (CESA-2016:0594)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:0594 and 
    # CentOS Errata and Security Advisory 2016:0594 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90368);
      script_version("2.8");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2016-1521", "CVE-2016-1522", "CVE-2016-1523", "CVE-2016-1526");
      script_xref(name:"RHSA", value:"2016:0594");
    
      script_name(english:"CentOS 7 : graphite2 (CESA-2016:0594)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for graphite2 is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Graphite2 is a project within SIL's Non-Roman Script Initiative and
    Language Software Development groups to provide rendering capabilities
    for complex non-Roman writing systems. Graphite can be used to create
    'smart fonts' capable of displaying writing systems with various
    complex behaviors. With respect to the Text Encoding Model, Graphite
    handles the 'Rendering' aspect of writing system implementation.
    
    The following packages have been upgraded to a newer upstream version:
    graphite2 (1.3.6).
    
    Security Fix(es) :
    
    * Various vulnerabilities have been discovered in Graphite2. An
    attacker able to trick an unsuspecting user into opening specially
    crafted font files in an application using Graphite2 could exploit
    these flaws to cause the application to crash or, potentially, execute
    arbitrary code with the privileges of the application. (CVE-2016-1521,
    CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)"
      );
      # https://lists.centos.org/pipermail/centos-announce/2016-April/021811.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ee650ebf"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected graphite2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1522");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:graphite2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:graphite2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"graphite2-1.3.6-1.el7_2")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"graphite2-devel-1.3.6-1.el7_2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "graphite2 / graphite2-devel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0779-1.NASL
    descriptionThis update for graphite2 fixes the following issues : - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. - CVE-2016-1523: The SillMap::readFace function in FeatureMap.cpp in Libgraphite mishandled a return value, which allowed remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. - CVE-2016-1526: The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite incorrectly validated a size value, which allowed remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89991
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89991
    titleSUSE SLED12 / SLES12 Security Update : graphite2 (SUSE-SU-2016:0779-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:0779-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89991);
      script_version("2.12");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2016-1521", "CVE-2016-1523", "CVE-2016-1526");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : graphite2 (SUSE-SU-2016:0779-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for graphite2 fixes the following issues :
    
      - CVE-2016-1521: The directrun function in
        directmachine.cpp in Libgraphite did not validate a
        certain skip operation, which allowed remote attackers
        to execute arbitrary code, obtain sensitive information,
        or cause a denial of service (out-of-bounds read and
        application crash) via a crafted Graphite smart font.
    
      - CVE-2016-1523: The SillMap::readFace function in
        FeatureMap.cpp in Libgraphite mishandled a return value,
        which allowed remote attackers to cause a denial of
        service (missing initialization, NULL pointer
        dereference, and application crash) via a crafted
        Graphite smart font.
    
      - CVE-2016-1526: The TtfUtil:LocaLookup function in
        TtfUtil.cpp in Libgraphite incorrectly validated a size
        value, which allowed remote attackers to obtain
        sensitive information or cause a denial of service
        (out-of-bounds read and application crash) via a crafted
        Graphite smart font.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=965803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=965807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=965810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1521/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1523/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1526/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20160779-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d13e369a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-456=1
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2016-456=1
    
    SUSE Linux Enterprise Server 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-456=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2016-456=1
    
    SUSE Linux Enterprise Desktop 12-SP1 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-456=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-456=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:graphite2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:graphite2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgraphite2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgraphite2-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgraphite2-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0/1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"graphite2-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"graphite2-debugsource-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgraphite2-3-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgraphite2-3-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgraphite2-3-32bit-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgraphite2-3-debuginfo-32bit-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"graphite2-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"graphite2-debugsource-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgraphite2-3-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgraphite2-3-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgraphite2-3-32bit-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgraphite2-3-debuginfo-32bit-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"graphite2-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"graphite2-debugsource-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libgraphite2-3-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libgraphite2-3-32bit-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libgraphite2-3-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libgraphite2-3-debuginfo-32bit-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"graphite2-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"graphite2-debugsource-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libgraphite2-3-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libgraphite2-3-32bit-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libgraphite2-3-debuginfo-1.3.1-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libgraphite2-3-debuginfo-32bit-1.3.1-6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "graphite2");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1013.NASL
    descriptionAccording to the versions of the graphite2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99776
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99776
    titleEulerOS 2.0 SP1 : graphite2 (EulerOS-SA-2016-1013)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99776);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2016-1521",
        "CVE-2016-1522",
        "CVE-2016-1523",
        "CVE-2016-1526"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : graphite2 (EulerOS-SA-2016-1013)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the graphite2 package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Various vulnerabilities have been discovered in
        Graphite2. An attacker able to trick an unsuspecting
        user into opening specially crafted font files in an
        application using Graphite2 could exploit these flaws
        to cause the application to crash or, potentially,
        execute arbitrary code with the privileges of the
        application. (CVE-2016-1521, CVE-2016-1522,
        CVE-2016-1523, CVE-2016-1526)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1013
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6e42d4ac");
      script_set_attribute(attribute:"solution", value:
    "Update the affected graphite2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:graphite2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["graphite2-1.3.6-1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "graphite2");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0695.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell Jesup as the original reporters.
    last seen2020-06-01
    modified2020-06-02
    plugin id90723
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90723
    titleCentOS 5 / 6 / 7 : firefox (CESA-2016:0695)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-696.NASL
    descriptionSeveral vulnerabilities were discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application.
    last seen2020-06-01
    modified2020-06-02
    plugin id90865
    published2016-05-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90865
    titleAmazon Linux AMI : graphite2 (ALAS-2016-696)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-63.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-63 (Graphite: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Graphite. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96749
    published2017-01-25
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96749
    titleGLSA-201701-63 : Graphite: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3491.NASL
    descriptionMultiple security issues have been found in Icedove, Debian
    last seen2020-06-01
    modified2020-06-02
    plugin id88943
    published2016-02-25
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88943
    titleDebian DSA-3491-1 : icedove - security update (SLOTH)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2902-1.NASL
    descriptionYves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88837
    published2016-02-18
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88837
    titleUbuntu 14.04 LTS / 15.10 : graphite2 vulnerabilities (USN-2902-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-4154A4D0BA.NASL
    descriptionSecurity fix for CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 and CVE-2016-1526 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89525
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89525
    titleFedora 23 : graphite2-1.3.5-1.fc23 (2016-4154a4d0ba)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0695.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell Jesup as the original reporters.
    last seen2020-05-31
    modified2016-04-27
    plugin id90750
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90750
    titleRHEL 5 / 6 / 7 : firefox (RHSA-2016:0695)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0695.NASL
    descriptionFrom Red Hat Security Advisory 2016:0695 : An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell Jesup as the original reporters.
    last seen2020-05-31
    modified2016-04-27
    plugin id90747
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90747
    titleOracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0695)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-35.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-35 (Mozilla SeaMonkey: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96515
    published2017-01-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96515
    titleGLSA-201701-35 : Mozilla SeaMonkey: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-338A7E9925.NASL
    descriptionUnspecified security fixes ---- Security fix for CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 and CVE-2016-1526 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-05-12
    plugin id91060
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91060
    titleFedora 22 : graphite2-1.3.6-1.fc22 (2016-338a7e9925)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-349.NASL
    descriptionThis update for graphite2 fixes the following issues : - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. - CVE-2016-1522: Code.cpp in Libgraphite did not consider recursive load calls during a size check, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. - CVE-2016-1523: The SillMap::readFace function in FeatureMap.cpp in Libgraphite mishandled a return value, which allowed remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. - CVE-2016-1526: The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite incorrectly validated a size value, which allowed remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
    last seen2020-06-05
    modified2016-03-17
    plugin id89975
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89975
    titleopenSUSE Security Update : graphite2 (openSUSE-2016-349)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160406_GRAPHITE2_ON_SL7_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: graphite2 (1.3.6). Security Fix(es) : - Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)
    last seen2020-03-18
    modified2016-04-07
    plugin id90393
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90393
    titleScientific Linux Security Update : graphite2 on SL7.x x86_64 (20160406)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8F10FA04CF6A11E596D614DAE9D210B8.NASL
    descriptionTalos reports : - An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service. - A specially crafted font can cause a buffer overflow resulting in potential code execution. - An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.
    last seen2020-06-01
    modified2020-06-02
    plugin id88672
    published2016-02-10
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88672
    titleFreeBSD : graphite2 -- code execution vulnerability (8f10fa04-cf6a-11e5-96d6-14dae9d210b8)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0594.NASL
    descriptionAn update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Graphite2 is a project within SIL
    last seen2020-06-01
    modified2020-06-02
    plugin id90387
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90387
    titleRHEL 7 : graphite2 (RHSA-2016:0594)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3479.NASL
    descriptionMultiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id88865
    published2016-02-22
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88865
    titleDebian DSA-3479-1 : graphite2 - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-389.NASL
    descriptionThis update for graphite2 fixes the following issues : - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. - CVE-2016-1523: The SillMap::readFace function in FeatureMap.cpp in Libgraphite mishandled a return value, which allowed remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. - CVE-2016-1526: The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite incorrectly validated a size value, which allowed remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. This update was imported from the SUSE:SLE-12:Update project.
    last seen2020-06-05
    modified2016-03-25
    plugin id90167
    published2016-03-25
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90167
    titleopenSUSE Security Update : graphite2 (openSUSE-2016-389)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3477.NASL
    descriptionHolger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id88728
    published2016-02-15
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88728
    titleDebian DSA-3477-1 : iceweasel - security update

Redhat

advisories
  • bugzilla
    id1308590
    titleCVE-2016-1526 graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentgraphite2 is earlier than 0:1.3.6-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20160594001
          • commentgraphite2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160594002
        • AND
          • commentgraphite2-devel is earlier than 0:1.3.6-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20160594003
          • commentgraphite2-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160594004
    rhsa
    idRHSA-2016:0594
    released2016-04-05
    severityImportant
    titleRHSA-2016:0594: graphite2 security, bug fix, and enhancement update (Important)
  • rhsa
    idRHSA-2016:0695
rpms
  • graphite2-0:1.3.6-1.el7_2
  • graphite2-debuginfo-0:1.3.6-1.el7_2
  • graphite2-devel-0:1.3.6-1.el7_2
  • firefox-0:45.1.0-1.el5_11
  • firefox-0:45.1.0-1.el6_7
  • firefox-0:45.1.0-1.el7_2
  • firefox-debuginfo-0:45.1.0-1.el5_11
  • firefox-debuginfo-0:45.1.0-1.el6_7
  • firefox-debuginfo-0:45.1.0-1.el7_2

References