fontforge-20201107-6.el9

エラータID: AXSA:2024-9309:02

Release date: 
Thursday, December 12, 2024 - 21:35
Subject: 
fontforge-20201107-6.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.

Security Fix(es):

* fontforge: command injection via crafted archives or compressed files (CVE-2024-25082)
* fontforge: command injection via crafted filenames (CVE-2024-25081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2024-25081
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.

Solution: 

Update packages.

CVEs: 
CVE-2024-25081
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
Additional Info: 

N/A

Download: 

SRPMS
  1. fontforge-20201107-6.el9.src.rpm
    MD5: 0f49d8d0d5c84753823f93572559022b
    SHA-256: 2f5510cc0acb9f448bbffc8379808659ddef435672de87f2c713014199a8f7c3
    Size: 18.14 MB

Asianux Server 9 for x86_64
  1. fontforge-20201107-6.el9.i686.rpm
    MD5: 080e597d5f93b58cad331ab01f906043
    SHA-256: d91e6d9a5bbf9d124240502067b14885074e522b51130989b3200264be940ab6
    Size: 6.02 MB
  2. fontforge-20201107-6.el9.x86_64.rpm
    MD5: 081ff82254c4bca029694a4c138aa968
    SHA-256: 8896d10cf6441baaa2cf859ec2eaee867edce1575a62d7a66a73057cdf66b00f
    Size: 5.86 MB