ky331
6 Indium

Graphite Font Vulnerability in Firefox, PaleMoon, WordPad, Open/LibreOffice, and Linux

Four vulnerabilities in the Graphite (or libgraphite) font processing library allow attackers to compromise machines by supplying them with malicious fonts...

The worst is an out-of-bounds read bug (CVE-2016-1521) that allows attackers to crash the system and even execute arbitrary code on the machine...

Users don't even have to click on the attacker's links and can be forced to access the malicious Web page hosting weaponized Graphite-enabled fonts via hidden redirects, often used by malvertising campaigns.

Researchers say they tested only Libgraphite 2-1.2.4... [and Softpedia has confirmed that] these issues have been fixed in Graphite 2-1.3.5.

http://news.softpedia.com/news/vulnerability-in-font-processing-library-affects-linux-openoffice-fir...

================================================

Remark:  It is unclear to me how one determines what version of (lib)graphite they have/are running on their system? And if it's the vulnerable one, how one updates to the newer version?...
Or is this something that THEY (automatically) update at the server-end??

============================================

(With acknowledgment to Minimalist for posting at Wilders)

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
3 Replies
ky331
6 Indium

RE: Graphite Font Vulnerability in Firefox, PaleMoon, WordPad, Open/LibreOffice, and Linux

PaleMoon 26.1 has addressed this issue, by updating its Graphite2 font library to 1.3.5+

http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19675613


0 Kudos
7 Plutonium

RE: Graphite Font Vulnerability in Firefox, PaleMoon, WordPad, Open/LibreOffice, and Linux

In Ubuntu and Raspberry Pi

Open a terminal  (CTRL ALT T)

sudo apt-get update

sudo apt-get upgrade

Neither of these commands works if you do not have a password on your root account, aka blank password.



I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
0 Kudos
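
One way to answer the version question from the first post on a Debian, Ubuntu or Raspberry Pi OS system, as an added example that is not part of the original thread: read the installed Graphite2 package version and compare it numerically with the fixed release 1.3.5 named above. The package name libgraphite2-3 is the Debian/Ubuntu one and is an assumption for other distributions; the function names are illustrative.

```shell
#!/bin/sh
# Added example: is the installed Graphite2 library at or above the fixed release?
FIXED=1.3.5   # fixed release named in the first post

# upstream_version DEBVER: strip a Debian epoch ("1:") and revision ("-1ubuntu1")
upstream_version() {
    uv=${1#*:}
    printf '%s\n' "${uv%%-*}"
}

# version_ge A B: exit 0 when dotted version A >= B, comparing each field as a
# number (so 1.3.10 is newer than 1.3.5, which a plain string compare gets wrong)
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; x=${x%%[!0-9]*}; x=${x:-0}
        y=${b%%.*}; y=${y%%[!0-9]*}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# graphite_status DEBVER: prints "ok" or "outdated".
# "outdated" is only a prompt to check the distribution's security notice:
# distributions sometimes backport fixes without raising the upstream number.
graphite_status() {
    if version_ge "$(upstream_version "$1")" "$FIXED"; then
        echo ok
    else
        echo outdated
    fi
}

# installed_graphite_version: prints the package version, or nothing if unknown
installed_graphite_version() {
    command -v dpkg-query >/dev/null 2>&1 || return 0
    dpkg-query -W -f='${Version}' libgraphite2-3 2>/dev/null || true
}

ver=$(installed_graphite_version)
if [ -n "$ver" ]; then
    echo "libgraphite2-3 $ver: $(graphite_status "$ver")"
else
    echo "libgraphite2-3 not found via dpkg-query"
fi
```

This only covers the system-wide library; applications that bundle their own Graphite2 copy, such as the browsers mentioned in this thread, are updated by updating the application itself.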
ky331
6 Indium

RE: Graphite Font Vulnerability in Firefox, PaleMoon, WordPad, Open/LibreOffice, and Linux

Firefox 45.0 has addressed this issue, by updating to Graphite 2 version 1.3.6.

https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/ 


0 Kudos