关键漏洞信息 漏洞标题 USN-2902-1: graphite2 vulnerabilities 发布日期 17 February 2016 概述 Graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. 影响的版本 15.10 14.04 LTS 漏洞详细信息 Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code. 更新说明 After a standard system update you need to restart applications using graphite2, such as LibreOffice, to make all the necessary changes. 固定版本 15.10 wily: libgraphite2-3 – 1.2.4-3ubuntu1.1 14.04 LTS trusty: libgraphite2-3 – 1.2.4-1ubuntu1.1 参考 CVE-2016-1526 CVE-2016-1523 CVE-2016-1522 CVE-2016-1521 相关通知 USN-2904-1