Cloud Foundry Logo
blog single gear
Security Advisory

USN-2927-1 Graphite2 vulnerabilities

USN-2927-1 Graphite2 vulnerabilities

Severity

Medium

Vendor

Graphite2

Versions Affected

  • Ubuntu 14.04

Description

Graphite2 could be made to crash or run programs as your login if it opened a specially crafted font.

It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry rootfs prior to 1.44.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.44.0 and higher

Credit

None

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES