You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa FreeType

Sigurnosni nedostaci programskog paketa FreeType

==========================================================================
Ubuntu Security Notice USN-4126-1
September 09, 2019

freetype vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

FreeType could be made to expose sensitive information if
if it opened a specially crafted font file.

Software Description:
– freetype: FreeType 2 is a font engine library

Details:

It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to access sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libfreetype6 2.6.1-0.1ubuntu2.4

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/4126-1
CVE-2015-9383

Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.6.1-0.1ubuntu2.4
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJddppeAAoJEEW851uECx9paycQAJLVYcITOBHz4jP4b9PWl33O
UVoADXCL4cZl3LD4fZVq70vikP2xexGg3Y6QhhG65oNNCyoJ296ctoiQ9jqvzfyb
AGWH8gRV5y9OLTqgK6HiIYttBtUMaulO0ks9AumeUe4iiXsMnsUYwmcH4Lt7JR9v
DmkA8SMiTBxeJz7JLKv3ieXLE7W7mn/SSlZUAmtcXUkRd+ePCTZ6Pya1ZpAqb/Kp
AotURf0Wt1J5rIEdxhWPvvK2kKqUGTsboqJXhbItjp2sqB2zvTONPk3+QqNzdk1/
Juw/3/TIXzgzdHKsD8uvrR6RtN9b6XgwWmO5hxJtu1CePPu9LHByNX5x2RbTyWmN
PqelrEDjC0RY1aApH07Xg4o53CrasGukKb5cSxNGRx9Zxy4t5zyxba0OQ5GqEvfa
e3+Ux8hO3KL1ryFKYs79Q3aE0/KcNBusVct9FIRqyc4HvQtduLNOgCiKN/C3a1oz
/7Vowf4L5W2hQExSMMzh54axv5/DWOGdVdlvzKmI8FK0Szz8LUB8hGBbkVbAxQKO
9wZjs3oOGzuAexZcPoqnF2ptfFpRI1YnKF4nDQGySJZcWVE6fWCRPapNg7l5HtB+
Eyksme2Miw408iYQQ/aPa95Lc0nI0fsii2VJH3zixIIjRPiuEYniF7ZUQfSKJilC
2/t0HYeV3a0nyfGxvADS
=ZRjz
—–END PGP SIGNATURE—–

==========================================================================
Ubuntu Security Notice USN-4126-2
September 09, 2019

freetype vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

FreeType could be made to expose sensitive information if it opened a
specially crafted font file.

Software Description:
– freetype: FreeType 2 is a font engine library

Details:

USN-4126-1 fixed a vulnerability in FreeType. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to access sensitive information.
(CVE-2015-9381, CVE-2015-9382)

Original advisory details:

It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to access sensitive information.
(CVE-2015-9383)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libfreetype6 2.5.2-1ubuntu2.8+esm1

Ubuntu 12.04 ESM:
libfreetype6 2.4.8-1ubuntu2.7

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/4126-2
https://usn.ubuntu.com/4126-1
CVE-2015-9381, CVE-2015-9382, CVE-2015-9383
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJddqVnAAoJEEW851uECx9p0ggP/2IapELOQcX0hNdNzL2DyVPZ
wY3Uk2uYN90RjOQS0jH/+vVwVdcVvRfYVWZIkB+YXHboHo9WpV2BMoSkXahJIn1D
uqaBsrZyYCUnlYdUrwt3sj+C+B5j2WQra8FnBRG1A1PkhU47cOoWJxtHdM/m8d0X
F4mWh19daxOzpuYK+HeVWAD2Pvuk7mQKDLxnD3Uow0QBfA/xTBhytCVfaPdTCdrN
XGimSegGDxA/AtrRcLr4iWVuiTcbkg4ICktYf7HEVQXelsGuUrxtGiAvkiZMge9I
3vKPE043wEdYRAhJpGEyj3R0gHXtJEsR/aoGPfS7QurMYR37O21xtcMTG54I86ux
pysiBCCuq+2chH2HIamT7ajt+fmjLWXYa+G57sv8B8hyLhbNqiIG5Pal10+ybulX
r+3/TvruGTNoUNnr90lsj5ctbemg94Rc66ZmdtrAtEqR/V6mK5/rffOx0eUirtPG
mOkknidrXQAQS8E13MA/mmhyEYp6CYTXTCzHWV3qkCHc/zEzDTWbNegEQSk84hHh
9Fy1TVHhdgfpCzgykVHwWQSgloSdGRCjsyXBEg06ncA/y7NQj5zvR6rJqQD5p6lb
UqzsPxmED+5LmqYe0uz8MxXLcfptef+r+iBnIdnjTe5yrXbnXIXoLPYjLpX8w9GC
DF6KFqKsrYAO/hqWVHLh
=oVKX
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa memcached

Otkriven je sigurnosni nedostatak u programskom paketu memcached za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close