[SECURITY] Fedora 23 Update: graphite2-1.3.5-1.fc23

updates at fedoraproject.org updates at fedoraproject.org
Sun Feb 21 16:32:47 UTC 2016

Fedora Update Notification
2016-02-21 16:23:38.006893

Name        : graphite2
Product     : Fedora 23
Version     : 1.3.5
Release     : 1.fc23
URL         : http://sourceforge.net/projects/silgraphite/
Summary     : Font rendering capabilities for complex non-Roman writing systems
Description :
Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language
Software Development groups to provide rendering capabilities for complex
non-Roman writing systems. Graphite can be used to create “smart fonts” capable
of displaying writing systems with various complex behaviors. With respect to
the Text Encoding Model, Graphite handles the "Rendering" aspect of writing
system implementation.

Update Information:

Security fix for CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 and CVE-2016-1526

  [ 1 ] Bug #1305806 - CVE-2016-1521 graphite2: Two out-of-bound read vulnerabilities triggered by crafted fonts [fedora-all]
  [ 2 ] Bug #1308591 - CVE-2016-1526 graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup [fedora-all]
  [ 3 ] Bug #1305814 - CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality [fedora-all]
  [ 4 ] Bug #1305811 - CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities [fedora-all]

This update can be installed with the "yum" update program. Use
su -c 'yum update graphite2' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list