==========================================================================
Ubuntu Security Notice USN-2739-1
September 10, 2015
freetype vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in FreeType.
Software Description:
– freetype: FreeType 2 is a font engine library
Details:
It was discovered that FreeType did not correctly handle certain malformed
font files. If a user were tricked into using a specially crafted font
file, a remote attacker could cause FreeType to crash or hang, resulting in
a denial of service, or possibly expose uninitialized memory.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libfreetype6 2.5.2-2ubuntu3.1
Ubuntu 14.04 LTS:
libfreetype6 2.5.2-1ubuntu2.5
Ubuntu 12.04 LTS:
libfreetype6 2.4.8-1ubuntu2.3
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2739-1
https://launchpad.net/bugs/1449225, https://launchpad.net/bugs/1492124
Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.5.2-2ubuntu3.1
https://launchpad.net/ubuntu/+source/freetype/2.5.2-1ubuntu2.5
https://launchpad.net/ubuntu/+source/freetype/2.4.8-1ubuntu2.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJV8cEEAAoJEGVp2FWnRL6Tj4gP/1bQeFpy4K2Md1JY1+x4j6Av
FjOYUWixfzD1kKZRz80jDv4bsrR3KDopCrF1jo48BvJRIxLP8qYA5QM98yZg0f0l
hMXoMSLeORx3drnv4dXXD0y0nwuWi1He7Y/ssipmZqi6av2hQjA9s/TSyZXMXAiP
2HHUgvic+LbjTLX5P8bfjogyuFE0K2PswOpW7F3uDnhUJJ/O61F/PwlM6hzMlvIq
G8awXUVkMoBW/Z/r1LIIMMSd2q/kXcDy+ulIm3KN5mWMiwK7zkVos+QThfoVZTYo
ROB4iwShKpMlhtZcicnmhdq9DSuu/w2tf0YgqTPFzcYV8nobG3xDBnLVoyBjoCIq
mNHUIjy4m/1wQEhcJQ2yYC85VRWV0pBPEjNCeBq8Fo6DmIh7Dfwt5nr4s4gt9IlH
ZpXP/Qh4SIQ4SG7SXcRACZmleLjA7alWlgWwoYuh98J6I5LrkAEPPwvXhkYt4Erp
T91axxmNbf2DyCF2OJhG2KdzDJIgCGhT0z7eidsYVwy6BBNIaGmMxpILaQrFIG3r
uuSkgeXR0oo0arNCKzH+oV65Yu9baSaVvbV5t8NVPAn8BcY0nyDvYD3WlQk1PwuZ
bgyM/0Fusg/SoVNL+zl0t1ytnffKKQP7NhTeSRid0gtFyl679wLHeaupevU44yHZ
kPOfijkrTJnCFm4Up1dr
=OIz4
—–END PGP SIGNATURE—–
—