Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Debian Security Advisory 5641-1[6]
- Authored by Debian[7] | Site debian.org[8]
-
Debian Linux Security Advisory 5641-1 - It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.
- systems | linux[9], debian[10]
- advisories | CVE-2024-25081[11], CVE-2024-25082[12]
- SHA-256 |
9b3201adff6afbd1a97b1cdf43d27c97115dada38acd1dbb20e51e10c8d2ca91
- Download[13] | Favorite[14] | View[15]
Change Mirror[16] Download[17]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5641-1Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://www.debian.org/security/ Salvatore Bonaccorso
March 19, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : fontforge
CVE ID : CVE-2024-25081 CVE-2024-25082
Debian Bug : 1064967
It was discovered that fontforge, a font editor, is prone to shell command
injection vulnerabilities when processing specially crafted files.
For the oldstable distribution (bullseye), these problems have been fixed
in version 1:20201107~dfsg-4+deb11u1.
For the stable distribution (bookworm), these problems have been fixed in
version 1:20230101~dfsg-1.1~deb12u1.
We recommend that you upgrade your fontforge packages.
For the detailed security status of fontforge please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fontforge
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list:Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmX5+otfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QM6w/+I599jlPtxJcdadbT6efjRaGYhhj3ICkPG+l3Y+h7hcPAW8VbfdxR3ztP
jYbqf1a6R1cb67NAunRLIkouA7uf1o5zix6bGmcLSmuwiqfoqGQOrQXKMZE6fvov
YjzWVbQ+W9P+b3fywip7VI+pjC+coliYO/Y+6E0Ylg3GmVq5p/W9SGjefSNI8SKv
QmZaUaVnEBVrX+riQ4AncOTKrIrV19mmbwKzZ5FgYLQVvhNrWimNO04RbNi/t+Dc
r7rITXc4+e3guBlKjEuOaTdvWtMpwXxxAUU+Tqvgya8OQc10dHHKIIPbvJ1rhi2q
k/+vdy6rbde7hwMqgBNUOFoJsIrn5+1bu7BPwU7IDp5C0ibZ/jtisc3JjtxHj5yz
61n/d8+/+usRjKcAos/MKZa988KSNXUyqIv0NQ4Xk5l3AxDdBArDtxfMGKLuzYWM
sVD7tlFuu7UcuyI7YY1FJcTDygoDb/CunXBq7yjMh9DEPQEMkWu6gFdge1gXWw20
s0dko9Ypwtoe3BZ5ucbcyHjcfyAzlk+m2LIVO7TQJ5NvRuNuuE/kr+SDWbx4PIji
dr5VslvGp2Nx784163P8fduUTxfSNLktsGdqPZmJI6R4FslQjd9oIgTd+/f1VU6t
RTu8OcCqREfkwRVhtYrsTjwVvZ4x1OqAnKoxAGMCCCC7jzdk0JM=
=0dXN
-----END PGP SIGNATURE-----
File Tags
- ActiveX[23] (933)
- Advisory[24] (84,552)
- Arbitrary[25] (16,610)
- BBS[26] (2,859)
- Bypass[27] (1,826)
- CGI[28] (1,032)
- Code Execution[29] (7,610)
- Conference[30] (687)
- Cracker[31] (844)
- CSRF[32] (3,370)
- DoS[33] (24,449)
- Encryption[34] (2,383)
- Exploit[35] (52,690)
- File Inclusion[36] (4,248)
- File Upload[37] (984)
- Firewall[38] (822)
- Info Disclosure[39] (2,836)
- Intrusion Detection[40] (906)
- Java[41] (3,118)
- JavaScript[42] (888)
- Kernel[43] (6,975)
- Local[44] (14,680)
- Magazine[45] (586)
- Overflow[46] (13,010)
- Perl[47] (1,430)
- PHP[48] (5,180)
- Proof of Concept[49] (2,365)
- Protocol[50] (3,691)
- Python[51] (1,596)
- Remote[52] (31,346)
- Root[53] (3,616)
- Rootkit[54] (520)
- Ruby[55] (618)
- Scanner[56] (1,649)
- Security Tool[57] (7,970)
- Shell[58] (3,242)
- Shellcode[59] (1,217)
- Sniffer[60] (899)
- Spoof[61] (2,256)
- SQL Injection[62] (16,506)
- TCP[63] (2,422)
- Trojan[64] (688)
- UDP[65] (897)
- Virus[66] (668)
- Vulnerability[67] (32,513)
- Web[68] (9,852)
- Whitepaper[69] (3,770)
- x86[70] (967)
- XSS[71] (18,143)
- Other[72]
File Archives
- March 2024[73]
- February 2024[74]
- January 2024[75]
- December 2023[76]
- November 2023[77]
- October 2023[78]
- September 2023[79]
- August 2023[80]
- July 2023[81]
- June 2023[82]
- May 2023[83]
- April 2023[84]
- Older[85]
Systems
- AIX[86] (429)
- Apple[87] (2,070)
- BSD[88] (376)
- CentOS[89] (57)
- Cisco[90] (1,927)
- Debian[91] (6,985)
- Fedora[92] (1,693)
- FreeBSD[93] (1,246)
- Gentoo[94] (4,466)
- HPUX[95] (880)
- iOS[96] (371)
- iPhone[97] (108)
- IRIX[98] (220)
- Juniper[99] (69)
- Linux[100] (48,957)
- Mac OS X[101] (691)
- Mandriva[102] (3,105)
- NetBSD[103] (256)
- OpenBSD[104] (488)
- RedHat[105] (15,322)
- Slackware[106] (941)
- Solaris[107] (1,611)
- SUSE[108] (1,444)
- Ubuntu[109] (9,379)
- UNIX[110] (9,379)
- UnixWare[111] (187)
- Windows[112] (6,641)
- Other[113]
- Services
- Security Services[124]
- Hosting By
- Rokasec[125]

Read more https://packetstormsecurity.com/files/177711/dsa-5641-1.txt