
==========================================================================

Ubuntu Security Notice USN-3263-1

April 21, 2017



freetype vulnerability

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS



Summary:



FreeType could be made to crash or run programs if it opened a specially
crafted font file.



Software Description:

- freetype: FreeType 2 is a font engine library



Details:



It was discovered that a heap-based buffer overflow existed in the
FreeType library. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash,
resulting in a denial of service, or possibly execute arbitrary code.



Update instructions:



The problem can be corrected by updating your system to the following
package versions:



Ubuntu 17.04:
  libfreetype6 2.6.3-3ubuntu2.1

Ubuntu 16.10:
  libfreetype6 2.6.3-3ubuntu1.2

Ubuntu 16.04 LTS:
  libfreetype6 2.6.1-0.1ubuntu2.2

Ubuntu 14.04 LTS:
  libfreetype6 2.5.2-1ubuntu2.7

Ubuntu 12.04 LTS:
  libfreetype6 2.4.8-1ubuntu2.5



After a standard system update you need to restart your session to make
all the necessary changes.



References:

http://www.ubuntu.com/usn/usn-3263-1

CVE-2016-10328



Package Information:

https://launchpad.net/ubuntu/+source/freetype/2.6.3-3ubuntu2.1

https://launchpad.net/ubuntu/+source/freetype/2.6.3-3ubuntu1.2

https://launchpad.net/ubuntu/+source/freetype/2.6.1-0.1ubuntu2.2

https://launchpad.net/ubuntu/+source/freetype/2.5.2-1ubuntu2.7

https://launchpad.net/ubuntu/+source/freetype/2.4.8-1ubuntu2.5








