Описание
Security update for fontforge
This update for fontforge fixes the following issues:
- CVE-2024-25081: Fixed command injection via crafted filenames (bsc#1220404).
- CVE-2024-25082: Fixed command injection via crafted archives or compressed files (bsc#1220405).
Список пакетов
SUSE Enterprise Storage 7.1
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise Server 15 SP2-LTSS
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise Server 15 SP4-LTSS
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
fontforge-20200314-150200.3.6.1
openSUSE Leap 15.5
fontforge-20200314-150200.3.6.1
fontforge-devel-20200314-150200.3.6.1
fontforge-doc-20200314-150200.3.6.1
Ссылки
- Link for SUSE-SU-2024:0864-1
- E-Mail link for SUSE-SU-2024:0864-1
- SUSE Security Ratings
- SUSE Bug 1220404
- SUSE Bug 1220405
- SUSE CVE CVE-2024-25081 page
- SUSE CVE CVE-2024-25082 page
Описание
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
Затронутые продукты
SUSE Enterprise Storage 7.1:fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:fontforge-20200314-150200.3.6.1
Ссылки
- CVE-2024-25081
- SUSE Bug 1220404
Описание
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
Затронутые продукты
SUSE Enterprise Storage 7.1:fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:fontforge-20200314-150200.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:fontforge-20200314-150200.3.6.1
Ссылки
- CVE-2024-25082
- SUSE Bug 1220405