Bug 965803 - (CVE-2016-1521) VUL-0: CVE-2016-1521: graphite2: An exploitable out-of-bounds read vulnerability exists in the opcodehandling functionality of Libgr...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
https://smash.suse.de/issue/161682/
CVSSv2:SUSE:CVE-2016-1526:6.8:(AV:N/A...
Reported: 2016-02-09 09:20 UTC by Sebastian Krahmer
Modified: 2016-04-27 20:22 UTC
Found By: Security Response Team
Description Sebastian Krahmer 2016-02-09 09:20:23 UTC
Quoting from Canonical:

"An exploitable out-of-bounds read vulnerability exists in the opcode
handling functionality of Libgraphite. A specially crafted font can
cause an out-of-bounds read resulting in arbitrary code execution. An
attacker can provide a malicious font to trigger this vulnerability."

CVE-2016-1521



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1521
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1521.html
Comment 2 Swamp Workflow Management 2016-02-09 23:00:36 UTC
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-02-15 12:02:38 UTC
I am afraid I will need more information.

This bug appears to be connected to 'Out-of-Bounds Read' of
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html

There are several commits in the Ubuntu bug but I am not sure which is actually fixing the issue.

Either provide the relevant commit or at least a testcase to check we have picked the correct one.

Thank you
Comment 4 Sebastian Krahmer 2016-02-15 13:33:45 UTC
From what it looks like, three git commits need to be applied in order to fix
TALOS-2016-0058 and TALOS-2016-0061, both of which are combined in the above CVE.
Comment 5 Tomáš Chvátal 2016-02-16 17:58:42 UTC
Also, for everyone to be aware, graphite2 is bundled in LibreOffice on SLE11.
Comment 6 Bernhard Wiedemann 2016-02-16 19:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (965803) was mentioned in
https://build.opensuse.org/request/show/359654 Factory / graphite2
Comment 9 Bernhard Wiedemann 2016-03-07 11:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (965803) was mentioned in
https://build.opensuse.org/request/show/367416 13.2 / graphite2
Comment 10 Petr Gajdos 2016-03-07 13:15:28 UTC
Packages submitted.
Comment 11 Swamp Workflow Management 2016-03-15 20:12:24 UTC
SUSE-SU-2016:0779-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 965803,965807,965810
CVE References: CVE-2016-1521,CVE-2016-1523,CVE-2016-1526
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    graphite2-1.3.1-6.1
SUSE Linux Enterprise Software Development Kit 12 (src):    graphite2-1.3.1-6.1
SUSE Linux Enterprise Server 12-SP1 (src):    graphite2-1.3.1-6.1
SUSE Linux Enterprise Server 12 (src):    graphite2-1.3.1-6.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    graphite2-1.3.1-6.1
SUSE Linux Enterprise Desktop 12 (src):    graphite2-1.3.1-6.1
Comment 12 Swamp Workflow Management 2016-03-16 18:13:14 UTC
openSUSE-SU-2016:0791-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 965803,965806,965807,965810
CVE References: CVE-2016-1521,CVE-2016-1522,CVE-2016-1523,CVE-2016-1526
Sources used:
openSUSE 13.2 (src):    graphite2-1.2.4-2.4.1
Comment 13 Marcus Meissner 2016-03-18 14:18:00 UTC
released
Comment 14 Swamp Workflow Management 2016-03-24 14:08:45 UTC
openSUSE-SU-2016:0875-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 965803,965807,965810
CVE References: CVE-2016-1521,CVE-2016-1523,CVE-2016-1526
Sources used:
openSUSE Leap 42.1 (src):    graphite2-1.3.1-3.1