fontforge-20200314-6.el8

Errata ID: AXSA:2024-8552:01

Release date: Wednesday, July 10, 2024 - 17:27
Subject: fontforge-20200314-6.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.

Security Fix(es):

* fontforge: command injection via crafted filenames (CVE-2024-25081)
* fontforge: command injection via crafted archives or compressed files (CVE-2024-25082)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-25081
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. fontforge-20200314-6.el8.src.rpm
    MD5: bdf1b428732a3d5eb8d4ce51c671a1bd
    SHA-256: b23a423f9c1faea2c25370b00af58e60ad348065dfdf2c6970f68133d90b7068
    Size: 17.78 MB

Asianux Server 8 for x86_64
  1. fontforge-20200314-6.el8.i686.rpm
    MD5: 4ed752a2aa7586d20b5be9b12a80c17f
    SHA-256: d078c1c140245a491d4d7508b5115ec3456bc1d381b492c1ade91a743c94cf4a
    Size: 5.55 MB
  2. fontforge-20200314-6.el8.x86_64.rpm
    MD5: f5bb9eec1adea1b80b42d84e88320db1
    SHA-256: 2bae81e4e9dd131c21f75aff013eab6326c25885dce7175dd4f9f490a2683a42
    Size: 5.39 MB