drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in t1lib
Name: |
Mehrere Probleme in t1lib |
|
ID: |
USN-1335-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10 |
|
Datum: |
Do, 19. Januar 2012, 22:20 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554 |
|
Applikationen: |
t1lib |
|
Originalnachricht |
--===============3051479878042981670== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-d0wpKFm+7Brt9CeujUz1"
--=-d0wpKFm+7Brt9CeujUz1 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1335-1 January 19, 2012
t1lib vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
t1lib could be made to crash or run programs as your login if it opened a specially crafted font file.
Software Description: - t1lib: Type 1 font rasterizer library - runtime
Details:
Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. (CVE-2010-2642, CVE-2011-0433)
Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash. (CVE-2011-1552, CVE-2011-1553, CVE-2011-1554)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libt1-5 5.1.2-3ubuntu0.11.10.2
Ubuntu 11.04: libt1-5 5.1.2-3ubuntu0.11.04.2
Ubuntu 10.10: libt1-5 5.1.2-3ubuntu0.10.10.2
Ubuntu 10.04 LTS: libt1-5 5.1.2-3ubuntu0.10.04.2
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1335-1 CVE-2010-2642, CVE-2011-0433, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
Package Information: https://launchpad.net/ubuntu/+source/t1lib/5.1.2-3ubuntu0.11.10.2 https://launchpad.net/ubuntu/+source/t1lib/5.1.2-3ubuntu0.11.04.2 https://launchpad.net/ubuntu/+source/t1lib/5.1.2-3ubuntu0.10.10.2 https://launchpad.net/ubuntu/+source/t1lib/5.1.2-3ubuntu0.10.04.2
--Ý0wpKFm+7Brt9CeujUz1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPGHsEAAoJEFHb3FjMVZVzMLEP/jwFYjUsRA9d+Mqxf2+DTdUb 29D6PGVVM3cVG1O8S0zgLX3XaI7Scd0oDxQ5M2Q+LoHCj95BY1bPaJEmIxxBLbyj j46tOLRN2VHWF4xca6GtPWvqibMODrqVoipuSBhMtaHwjMvaJ/gn1ezDOvDwvklv ZWjkTWYAZnEyJR3VPgz1nG4120bMPux7sunQB0zAYTKDxb2LVCMZdeL79/d0tgDK zEQRtlgzUPbJdbrAHnY+dwo8SgFH0joVPbPCEUxdHGUaONdYZ9NhHiWh9gsNByPh 7TYzPCSeeGvTQZKjwSosVqM19TYMQkz2PLlJNEQIHaZuKvD4b+Nmt4slgTN0t3Uj zYP8cTm5AHIo0QL2hC4DD+2Q2ElQIzjieCNXlQp+u0RDUnDYIZXJ1RBO3EFCaELH tG+efSmysWxBj1mz0n6BRhWASTQos+pbCzvF9a9hFEZjta5eZDq6fTx4bEmt0XnH JOjEPcW9UKmG3/lr2fexdnuiiC9QSa0M6/w9QjY6dqzHcBj3gqJ4r9oCMuL6Er9U tDaC0uut6EJgdsPzSgFIH2ggbx9fKRshPgpJXY+ji/tAnbRwkNhATzUhsg3/Gcpy cIeKFIUjQvilqT/If7FNRmLzEN6UIf0pyX2dLbTBELWbrSiU71ifnahdawxBvdpe H+dNEnMIl+C5LWRwzhSM =ApSj -----END PGP SIGNATURE-----
--=-d0wpKFm+7Brt9CeujUz1--
--===============3051479878042981670== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3051479878042981670==--
|
|
|
|