Updated fontforge packages fix security vulnerability
Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572, CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577
Description
It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code (CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572, CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577).
References
- https://bugs.mageia.org/show_bug.cgi?id=21634
- https://www.debian.org/security/2017/dsa-3958
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11568
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11569
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11571
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11572
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11576
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11577
SRPMS
5/core
- fontforge-1.0-1.20120731.10.mga5
6/core
- fontforge-20161012-4.1.mga6
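
To check a host against the fixed builds listed above, this added example (not part of the Mageia advisory) compares an installed `[epoch:]version-release` string with the SRPMS entry for its release, using RPM-style segment ordering so that `.9` sorts below `.10`. Assumptions: the function names are hypothetical, the fixed packages carry no epoch, and the comparison is a simplified form of RPM's rule without `~` or `^` handling.

```python
import re

# Fixed builds, copied from the SRPMS list in this advisory (epoch assumed 0).
FIXED = {"5": "1.0-1.20120731.10.mga5", "6": "20161012-4.1.mga6"}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings; returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            # a numeric segment is always newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, dash, release = rest.rpartition("-")
    if not dash:
        raise ValueError("expected version-release, got %r" % evr)
    return int(epoch), version, release


def is_patched(installed_evr, mageia_release):
    """True if installed_evr is at or above this advisory's fixed build."""
    inst = split_evr(installed_evr)
    fixed = split_evr(FIXED[mageia_release])
    if inst[0] != fixed[0]:
        return inst[0] > fixed[0]
    for a, b in zip(inst[1:], fixed[1:]):
        c = rpmvercmp(a, b)
        if c:
            return c > 0
    return True


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for evr, rel in [("1.0-1.20120731.9.mga5", "5"), ("20161012-4.2.mga6", "6")]:
        print(rel, evr, "patched" if is_patched(evr, rel) else "VULNERABLE")
```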