This post is more than 5 years old
Graphite Font Vulnerability in Firefox, PaleMoon, WordPad, Open/LibreOffice, and Linux
Four vulnerabilities in the Graphite (or libgraphite) font processing library allow attackers to compromise machines by supplying them with malicious fonts...
The worst is an out-of-bounds read bug (CVE-2016-1521) that allows attackers to crash the system and even execute arbitrary code on the machine...
Users don't even have to click on the attacker's links and can be forced to access the malicious Web page hosting weaponized Graphite-enabled fonts via hidden redirects, often used by malvertising campaigns.
Researchers say they tested only Libgraphite 2-1.2.4... [and Softpedia has confirmed that] these issues have been fixed in Graphite 2-1.3.5.
================================================
Remark: It is unclear to me how one determines what version of (lib)graphite they have/are running on their system? And if it's the vulnerable one, how one updates to the newer version?...
Or is this something that THEY (automatically) update at the server-end??
============================================
(With acknowledgment to Minimalist for posting at Wilders)
ky331
3 Apprentice
February 16th, 2016 05:00
PaleMoon 26.1 has addressed this issue, by updating its Graphite2 font library to 1.3.5+
http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19675613
speedstep
8 Wizard
February 18th, 2016 10:00
In Ubuntu and Raspberry Pi
Open a terminal (CTRL ALT T)
sudo apt-get update
sudo apt-get upgrade
Neither of these commands works if you do not have a password on your root account, aka blank password.
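For the question in the first post (which Graphite version is installed), here is an added example that is not part of any poster's reply: a shell check for Debian/Ubuntu that compares the system Graphite2 package against 1.3.5, the fixed release named above. The package name libgraphite2-3 and all function names are assumptions; the copies bundled in Firefox and PaleMoon are updated with the browser, and a distribution may backport the fix without raising the upstream version number.

```sh
#!/bin/sh
# Added example (not from the thread): compare the installed Graphite2
# package version with the fixed release the thread names (1.3.5).
PKG="libgraphite2-3"   # assumption: Debian/Ubuntu binary package name
FIXED="1.3.5"          # fixed release, as stated in the first post

# Reduce a Debian-style version ("1:1.3.6-1ubuntu1") to upstream "1.3.6".
upstream_version() {
    _v="${1#*:}"       # drop epoch, if present
    _v="${_v%%-*}"     # drop Debian revision
    _v="${_v%%+*}"     # drop "+dfsg"-style suffix
    printf '%s\n' "$_v"
}

# Return 0 if dotted version $1 >= $2, comparing fields numerically.
version_ge() {
    _a="$1"; _b="$2"
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x="${_a%%.*}"; _y="${_b%%.*}"
        case "$_a" in *.*) _a="${_a#*.}" ;; *) _a="" ;; esac
        case "$_b" in *.*) _b="${_b#*.}" ;; *) _b="" ;; esac
        _x="${_x%%[!0-9]*}"; _y="${_y%%[!0-9]*}"   # keep leading digits only
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
    done
    return 0
}

# Print below-fixed, at-or-above-fixed, or unknown for a version string.
graphite_status() {
    _up=$(upstream_version "$1")
    case "$_up" in
        [0-9]*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    if version_ge "$_up" "$FIXED"; then
        echo "at-or-above-fixed"
    else
        echo "below-fixed"
    fi
}

# Ask dpkg for the installed version; prints nothing if unavailable.
installed_graphite_version() {
    command -v dpkg-query >/dev/null 2>&1 || return 0
    dpkg-query -W -f='${Version}\n' "$PKG" 2>/dev/null | head -n 1
}

ver=$(installed_graphite_version)
echo "$PKG ${ver:-(not found via dpkg)}: $(graphite_status "$ver")"
```

A "below-fixed" result means the package should be checked against the distribution's security tracker or upgraded; "unknown" means dpkg did not report the package.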
ky331
3 Apprentice
March 8th, 2016 09:00
Firefox 45.0 has addressed this issue, by updating to Graphite 2 version 1.3.6.
https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/