• FreeType vulnerability

  • From boo_ubuntu@21:4/110 to Ubuntu Users on Tuesday, October 20, 2020 12:10:08
    freetype vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    FreeType could be made to crash or run programs as your login if
    it opened a specially crafted file.

    Software Description

    * freetype - FreeType 2 is a font engine library

    Details

    Sergei Glazunov discovered that FreeType did not correctly handle
    certain malformed font files. If a user were tricked into using a
    specially crafted font file, a remote attacker could cause
    FreeType to crash or possibly execute arbitrary code with user
    privileges.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libfreetype6 - 2.10.1-2ubuntu0.1

    Ubuntu 18.04 LTS
    libfreetype6 - 2.8.1-2ubuntu2.1

    Ubuntu 16.04 LTS
    libfreetype6 - 2.6.1-0.1ubuntu2.5

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart your session to
    make all the necessary changes.

    References

    * CVE-2020-15999

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From boo_ubuntu@21:4/110 to Ubuntu Users on Thursday, October 22, 2020 12:10:06
    freetype vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    FreeType could be made to crash or run programs as your login if
    it opened a specially crafted file.

    Software Description

    * freetype - FreeType 2 is a font engine library

    Details

    USN-4593-1 fixed a vulnerability in FreeType. This update provides
    the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Sergei Glazunov discovered that FreeType did not correctly handle
    certain malformed font files. If a user were tricked into using a
    specially crafted font file, a remote attacker could cause
    FreeType to crash or possibly execute arbitrary code with user
    privileges.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    libfreetype6 - 2.5.2-1ubuntu2.8+esm2

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart your session to
    make all the necessary changes.

    References

    * USN-4593-1
    * CVE-2020-15999

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
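
A host check for the fixed versions listed in the two advisories above, as an added example that is not part of the original posts or of Ubuntu's tooling. The function names (`fixed_version_for`, `is_patched`, `freetype_report`) are hypothetical; `dpkg`, `dpkg-query` and `/etc/os-release` are the standard Debian/Ubuntu facilities.

```shell
#!/bin/sh
# Added example: compare the installed libfreetype6 with the fixed
# versions quoted in the advisories above (CVE-2020-15999).

# Print the fixed libfreetype6 version for an Ubuntu release (VERSION_ID).
# Returns 1 for releases the advisories do not list.
fixed_version_for() {
    case "$1" in
        20.04) echo "2.10.1-2ubuntu0.1" ;;
        18.04) echo "2.8.1-2ubuntu2.1" ;;
        16.04) echo "2.6.1-0.1ubuntu2.5" ;;
        14.04) echo "2.5.2-1ubuntu2.8+esm2" ;;   # ESM update
        *)     return 1 ;;
    esac
}

# True when installed version $1 is at or above fixed version $2,
# using dpkg's own Debian version ordering (not a string compare).
is_patched() {
    dpkg --compare-versions "$1" ge "$2"
}

# Print a one-line verdict for this host; never aborts the caller.
freetype_report() {
    if ! command -v dpkg-query >/dev/null 2>&1 || [ ! -r /etc/os-release ]; then
        echo "unknown: not a dpkg-based system"; return 0
    fi
    release=$( . /etc/os-release && printf '%s' "${VERSION_ID:-}" )
    installed=$(dpkg-query -W -f='${Version}\n' libfreetype6 2>/dev/null | head -n 1)
    if [ -z "$installed" ]; then
        echo "not installed: libfreetype6"; return 0
    fi
    if ! fixed=$(fixed_version_for "$release"); then
        echo "not covered: release '$release' is not listed in these advisories"; return 0
    fi
    if is_patched "$installed" "$fixed"; then
        echo "patched: libfreetype6 $installed >= $fixed"
    else
        echo "VULNERABLE: libfreetype6 $installed < $fixed"
    fi
}

freetype_report
```

A "patched" verdict only describes the package on disk; processes started before the update still have the old library mapped, which is why the advisories ask for a session restart.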