Headline
Debian Security Advisory 5641-1
Debian Linux Security Advisory 5641-1 - It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.
Debian Security Advisory DSA-5641-1
[email protected]
https://www.debian.org/security/
Salvatore Bonaccorso
March 19, 2024
https://www.debian.org/security/faq

Package    : fontforge
CVE ID     : CVE-2024-25081 CVE-2024-25082
Debian Bug : 1064967

It was discovered that fontforge, a font editor, is prone to shell command
injection vulnerabilities when processing specially crafted files.

For the oldstable distribution (bullseye), these problems have been fixed
in version 1:20201107~dfsg-4+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 1:20230101~dfsg-1.1~deb12u1.

We recommend that you upgrade your fontforge packages.

For the detailed security status of fontforge please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fontforge

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Red Hat Security Advisory 2024-9439-03
Red Hat Security Advisory 2024-9439-03 - An update for fontforge is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-4267-03
Red Hat Security Advisory 2024-4267-03 - An update for fontforge is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.