Ubuntu 23.10: USN-6856-1 Moderate: FontForge Command Injection Issues

June 27, 2024
Multiple vulnerabilities addressed in FontForge for Ubuntu. Ensure you keep your system current to uphold security standards.
Several security issues were fixed in FontForge.

Summary

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in FontForge.

Software Description:

- fontforge: Free (libre) font editor for Windows, Mac OS X and GNU+Linux

Details:

It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a command injection. (CVE-2024-25081)

It was discovered that FontForge incorrectly handled archives and compressed files. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform command injection. (CVE-2024-25082)

Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10
- fontforge 1:20230101~dfsg-1ubuntu0.1
- python3-fontforge 1:20230101~dfsg-1ubuntu0.1

Ubuntu 22.04 LTS
- fontforge 1:20201107~dfsg-4+deb11u1build0.22.04.1
- python3-fontforge 1:20201107~dfsg-4+deb11u1build0.22.04.1

Ubuntu 20.04 LTS
- fontforge 1:20190801~dfsg-4ubuntu0.1
- python3-fontforge 1:20190801~dfsg-4ubuntu0.1

Ubuntu 18.04 LTS
- fontforge 1:20170731~dfsg-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
- python-fontforge 1:20170731~dfsg-1ubuntu0.1~esm1 (Available with Ubuntu Pro)

Ubuntu 16.04 LTS
- fontforge 20120731.b-7.1ubuntu0.1+esm1 (Available with Ubuntu Pro)
- python-fontforge 20120731.b-7.1ubuntu0.1+esm1 (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6856-1

CVE-2024-25081, CVE-2024-25082

Ubuntu Security Notice USN-6856-1

Package Information

https://launchpad.net/ubuntu/+source/fontforge/1:20230101~dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fontforge/1:20201107~dfsg-4+deb11u1build0.22.04.1
https://launchpad.net/ubuntu/+source/fontforge/1:20190801~dfsg-4ubuntu0.1
