Security: Multiple issues in FontForge

Name: Multiple issues in FontForge
ID: USN-3409-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS
Date: Mon, 4 September 2017, 20:36
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11568
Applications: FontForge

Original message
==========================================================================
Ubuntu Security Notice USN-3409-1
September 04, 2017

fontforge vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in FontForge.
Software Description:
- fontforge: font editor
Details:
It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11568, CVE-2017-11569, CVE-2017-11572)
It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11571)
It was discovered that FontForge was vulnerable to a heap-based buffer overflow. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11574)
It was discovered that FontForge was vulnerable to a buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. (CVE-2017-11575, CVE-2017-11577)
It was discovered that FontForge wasn't correctly checking the sign of a vector size. A remote attacker could use a crafted file to DoS. (CVE-2017-11576)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS:
  fontforge                       20120731.b-5ubuntu0.1
  fontforge-common                20120731.b-5ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
  https://www.ubuntu.com/usn/usn-3409-1
  CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572,
  CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577

Package Information:
  https://launchpad.net/ubuntu/+source/fontforge/20120731.b-5ubuntu0.1