[ALSA-2024:9439] Moderate: fontforge security update
Type:
security
Severity:
moderate
Release date:
2024-11-18
Description:
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. Security Fix(es): * fontforge: command injection via crafted archives or compressed files (CVE-2024-25082) * fontforge: command injection via crafted filenames (CVE-2024-25081) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 fontforge-20201107-6.el9.aarch64.rpm d66c8ff824d5c7d8a6a928435a0b417625a515339a9e615d6d057ac7f3a91f7d
i686 fontforge-20201107-6.el9.i686.rpm 702d5256b986bd6bd7e3d7326779d2a2e9f7b7e2fb9421d55e0d0023fa08183b
ppc64le fontforge-20201107-6.el9.ppc64le.rpm 9fe1327a8bbcfe2e032d7ed2be50364aaa49a95a4e672c19e9c66b94147d21ad
s390x fontforge-20201107-6.el9.s390x.rpm f282e4142f9e64540475d754ae3bed76845a102c5ab8e20dbf6b7044ba05e645
x86_64 fontforge-20201107-6.el9.x86_64.rpm d0d77f39a1f2dfdb55076a7b0fd0e897b83b65d0ff41f2683e85bb881aeeffe2
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.