Debian Security Advisory

DLA-319-1 freetype -- LTS security update

Date Reported: 30 Sep 2015
Affected Packages: freetype
Vulnerable: Yes
Security database references:
  In the Debian bugtracking system: Bug 798619, Bug 798620.
  In Mitre's CVE dictionary: CVE-2014-9745, CVE-2014-9746, CVE-2014-9747.
More information:

Sergey Gorbaty reported issues related to the FreeType font engine. FreeType improperly handled certain malformed font files, allowing remote attackers to cause a Denial of Service when specially crafted font files were used.

For Debian 6 "Squeeze", these issues have been fixed in freetype version 2.4.2-2.1+squeeze6. We recommend that you upgrade your freetype packages.