|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-256-1 (t1utils)



From:
    	      Santiago Ruano Rincón <santiagorr@riseup.net> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 256-1] t1utils security update 


Date:
    	      Mon, 29 Jun 2015 13:07:07 +0200


Message-ID:
    	      <20150629110707.GA23871@nomada>


Package        : t1utils
Version        : 1.36-1+deb6u1
CVE ID         : CVE-2015-3905
Debian Bug     : 779274

Jakub Wilk found a vulnerability in the Type 1 font manipulation
programs, t1utils:

CVE-2015-3905

    Buffer overflow in the set_cs_start function in t1disasm.c in t1utils
    before 1.39 allows remote attackers to cause a denial of service (crash)
    and possibly execute arbitrary code via a crafted font file.

For Debian 6 "Squeeze", this issue has been fixed in t1utils version
1.36-1+deb6u1.
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds