Debian Security Advisory

DLA-319-1 freetype -- LTS security update

Date Reported:
30 Sep 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 798619, Bug 798620.
In Mitre's CVE dictionary: CVE-2014-9745, CVE-2014-9746, CVE-2014-9747.
More information:

Sergey Gorbaty reported issues related to the FreeType font engine. FreeType improperly handled certain malformed font files, allowing remote attackers to cause a Denial of Service when specially crafted font files were used.

For Debian 6 Squeeze, these issues have been fixed in freetype version 2.4.2-2.1+squeeze6. We recommend you to upgrade your freetype packages.