Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6062-1

Ubuntu Security Notice 6062-1 - It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu

=========================================================================
Ubuntu Security Notice USN-6062-1
May 09, 2023

freetype vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.04
  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

FreeType could be made to crash or possibly execute arbitrary
code if it opened a specially crafted font file.

Software Description:

  • freetype: FreeType 2 is a font engine library

Details:

It was discovered that FreeType incorrectly handled certain malformed
font files. If a user were tricked into using a specially crafted font
file, a remote attacker could cause FreeType to crash, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
libfreetype6 2.12.1+dfsg-4ubuntu0.1

Ubuntu 22.10:
libfreetype6 2.12.1+dfsg-3ubuntu0.1

Ubuntu 22.04 LTS:
libfreetype6 2.11.1+dfsg-1ubuntu0.2

Ubuntu 20.04 LTS:
libfreetype6 2.10.1-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6062-1
CVE-2023-2004

Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.12.1+dfsg-4ubuntu0.1
https://launchpad.net/ubuntu/+source/freetype/2.12.1+dfsg-3ubuntu0.1
https://launchpad.net/ubuntu/+source/freetype/2.11.1+dfsg-1ubuntu0.2
https://launchpad.net/ubuntu/+source/freetype/2.10.1-2ubuntu0.3

Related news

Gentoo Linux Security Advisory 202402-06

Gentoo Linux Security Advisory 202402-6 - Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. Versions greater than or equal to 2.13.0 are affected.

Red Hat Security Advisory 2023-5745-01

Red Hat Security Advisory 2023-5745-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. Issues addressed include an integer overflow vulnerability.

CVE-2023-2004: Invalid Bug ID

An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution