Debian Security Advisory 5641-1

Debian Security Advisory 5641-1: Posted Mar 20, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5641-1 - It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.; tags | advisory, shell, vulnerability; systems | linux, debian; advisories | CVE-2024-25081, CVE-2024-25082; SHA-256 | 9b3201adff6afbd1a97b1cdf43d27c97115dada38acd1dbb20e51e10c8d2ca91; Download | Favorite | View

Debian Security Advisory 5641-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5641-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 19, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fontforge
CVE ID         : CVE-2024-25081 CVE-2024-25082
Debian Bug     : 1064967

It was discovered that fontforge, a font editor, is prone to shell command
injection vulnerabilities when processing specially crafted files.

For the oldstable distribution (bullseye), these problems have been fixed
in version 1:20201107~dfsg-4+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 1:20230101~dfsg-1.1~deb12u1.

We recommend that you upgrade your fontforge packages.

For the detailed security status of fontforge please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fontforge

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmX5+otfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QM6w/+I599jlPtxJcdadbT6efjRaGYhhj3ICkPG+l3Y+h7hcPAW8VbfdxR3ztP
jYbqf1a6R1cb67NAunRLIkouA7uf1o5zix6bGmcLSmuwiqfoqGQOrQXKMZE6fvov
YjzWVbQ+W9P+b3fywip7VI+pjC+coliYO/Y+6E0Ylg3GmVq5p/W9SGjefSNI8SKv
QmZaUaVnEBVrX+riQ4AncOTKrIrV19mmbwKzZ5FgYLQVvhNrWimNO04RbNi/t+Dc
r7rITXc4+e3guBlKjEuOaTdvWtMpwXxxAUU+Tqvgya8OQc10dHHKIIPbvJ1rhi2q
k/+vdy6rbde7hwMqgBNUOFoJsIrn5+1bu7BPwU7IDp5C0ibZ/jtisc3JjtxHj5yz
61n/d8+/+usRjKcAos/MKZa988KSNXUyqIv0NQ4Xk5l3AxDdBArDtxfMGKLuzYWM
sVD7tlFuu7UcuyI7YY1FJcTDygoDb/CunXBq7yjMh9DEPQEMkWu6gFdge1gXWw20
s0dko9Ypwtoe3BZ5ucbcyHjcfyAzlk+m2LIVO7TQJ5NvRuNuuE/kr+SDWbx4PIji
dr5VslvGp2Nx784163P8fduUTxfSNLktsGdqPZmJI6R4FslQjd9oIgTd+/f1VU6t
RTu8OcCqREfkwRVhtYrsTjwVvZ4x1OqAnKoxAGMCCCC7jzdk0JM=
=0dXN
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Debian Security Advisory 5641-1

Debian Security Advisory 5641-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5641-1

Share This

Debian Security Advisory 5641-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems