Fedora 40: 2024-a51b83e37e Major Security Vulnerability Patch

March 23, 2024
Fedora 40 has released crucial updates for FontForge, targeting severe command injection vulnerabilities to bolster system security.
Security fix for CVE-2024-25081 and CVE-2024-25082

Summary

FontForge (former PfaEdit) is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.

Update Information:

Security fix for CVE-2024-25081 and CVE-2024-25082

Change Log

* Wed Feb 28 2024 Parag Nemade - 20230101-11 - Resolves: CVE-2024-25081 and CVE-2024-25082

References


[ 1 ] Bug #2266180 - CVE-2024-25082 fontforge: command injection via crafted archives or compressed files. https://bugzilla.redhat.com/show_bug.cgi?id=2266180
[ 2 ] Bug #2266181 - CVE-2024-25081 fontforge: command injection via crafted filenames. https://bugzilla.redhat.com/show_bug.cgi?id=2266181

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-e01ef71e64' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important

Name: fontforge
Product: Fedora 40
Version: 20230101
Release: 11.fc40
Summary: Outline and bitmap font editor
