exploitDog

SUSE-SU-2024:0863-1

Опубликовано: 13 мар. 2024

Источник: suse-cvrf

Описание

Security update for fontforge

This update for fontforge fixes the following issues:

CVE-2024-25081: Fixed command injection via crafted filenames (bsc#1220404).
CVE-2024-25082: Fixed command injection via crafted archives or compressed files (bsc#1220405).

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

fontforge-20170731-11.17.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240863-1/
Link for SUSE-SU-2024:0863-1
https://lists.suse.com/pipermail/sle-security-updates/2024-March/018157.html
E-Mail link for SUSE-SU-2024:0863-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1220404
SUSE Bug 1220404
https://bugzilla.suse.com/1220405
SUSE Bug 1220405
https://www.suse.com/security/cve/CVE-2024-25081/
SUSE CVE CVE-2024-25081 page
https://www.suse.com/security/cve/CVE-2024-25082/
SUSE CVE CVE-2024-25082 page

Описание

Splinefont in FontForge through 20230101 allows command injection via crafted filenames.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-25081.html
CVE-2024-25081
https://bugzilla.suse.com/1220404
SUSE Bug 1220404

Описание

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:fontforge-20170731-11.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-25082.html
CVE-2024-25082
https://bugzilla.suse.com/1220405
SUSE Bug 1220405