Vulnerability in Font Processing Library Affects Linux, OpenOffice, Firefox

Discussion in 'other security issues & news' started by Minimalist, Feb 7, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
    http://news.softpedia.com/news/vuln...affects-linux-openoffice-firefox-500027.shtml
     
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,985
    Location:
    Brasil
    I wonder why the Linux Kernel would allow code execution from a font in the first place. User programs, be they LibreOffice or not, should never touch the Kernel. Ever.
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    It doesn't. This is not a kernel vulnerability. It is strictly userspace, will not bypass mandatory access control, and does not provide root privileges out of the box (unless you like to browse as root).

    Also, the Softpedia article is wrong. This vulnerability cannot "crash your system", only the target application. (Which is not necessarily a good thing, since that makes it more reliable as compromise instead of DoS.)

    Please refer to the original advisory from Cisco. Thx.
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    @amarildojr re fonts being executable: this is because TrueType font bytecode is Turing-complete.

    (And the above vulnerability is an example of why you only want to run that bytecode in userspace.)
     
  5. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,985
    Location:
    Brasil
  6. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    143
    How does one determine what version of (lib)graphite they have/are running on their system? And if it's the vulnerable one, how does one update to the newer version?...
    Or is this something that they (automatically) update at the server-end??
     