exploitDog

SUSE-SU-2020:0393-1

Опубликовано: 18 фев. 2020

Источник: suse-cvrf

Описание

Security update for fontforge

This update for fontforge fixes the following issues:

CVE-2020-5395: Fixed a use-after-free in SFD_GetFontMetaData() (bsc#1160220).
CVE-2020-5496: Fixed a heap-based buffer overflow in Type2NotDefSplines() (bsc#1160236).

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP4

fontforge-20170731-11.11.1

SUSE Linux Enterprise Software Development Kit 12 SP5

fontforge-20170731-11.11.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200393-1/
Link for SUSE-SU-2020:0393-1
https://lists.suse.com/pipermail/sle-security-updates/2020-February/006489.html
E-Mail link for SUSE-SU-2020:0393-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1160220
SUSE Bug 1160220
https://bugzilla.suse.com/1160236
SUSE Bug 1160236
https://www.suse.com/security/cve/CVE-2020-5395/
SUSE CVE CVE-2020-5395 page
https://www.suse.com/security/cve/CVE-2020-5496/
SUSE CVE CVE-2020-5496 page

Описание

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.11.1

SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-5395.html
CVE-2020-5395
https://bugzilla.suse.com/1160220
SUSE Bug 1160220
https://bugzilla.suse.com/1178308
SUSE Bug 1178308

Описание

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP4:fontforge-20170731-11.11.1

SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-5496.html
CVE-2020-5496
https://bugzilla.suse.com/1160236
SUSE Bug 1160236