
Fedora 39: 2024-6d1d9f70d2 critical: fonttools XML Injection

January 25, 2024
CVE-2023-45139 affects fonttools in Fedora 39. Upgrade to the fixed package to address it.
Security fix for CVE-2023-45139

Summary

fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats.

Update Information:

Security fix for CVE-2023-45139

Change Log

* Sun Oct 8 2023 Parag Nemade - 4.43.1-1
- Update to 4.43.1 version (#2241574)
* Tue Aug 22 2023 Parag Nemade - 4.42.1-1
- Update to 4.42.1 version (#2232931)

References


[1] Bug #2257808 - CVE-2023-45139 fonttools: XML External Entity Injection (XXE) Vulnerability
    https://bugzilla.redhat.com/show_bug.cgi?id=2257808

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6d1d9f70d2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: fonttools
Product: Fedora 39
Version: 4.43.1
Release: 1.fc39
Summary: Tools to manipulate font files
