USN-4126-2

Source
https://ubuntu.com/security/notices/USN-4126-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4126-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4126-2
Published
2019-09-09T19:06:18.299926Z
Modified
2019-09-09T19:06:18.299926Z
Summary
freetype vulnerabilities
Details

USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9381, CVE-2015-9382)

Original advisory details:

It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. (CVE-2015-9383)

Affected packages

Ubuntu:14.04:LTS / freetype

Package

Name
freetype
Purl
pkg:deb/ubuntu/freetype?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-1ubuntu2.8+esm1

Affected versions

2.*

2.4.12-0ubuntu1
2.5.0.1-0ubuntu2
2.5.1-1ubuntu1
2.5.1-1ubuntu2
2.5.1-2ubuntu1
2.5.2-1ubuntu1
2.5.2-1ubuntu2
2.5.2-1ubuntu2.1
2.5.2-1ubuntu2.2
2.5.2-1ubuntu2.3
2.5.2-1ubuntu2.4
2.5.2-1ubuntu2.5
2.5.2-1ubuntu2.6
2.5.2-1ubuntu2.7
2.5.2-1ubuntu2.8

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm1",
            "binary_name": "libfreetype6-dev"
        },
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm1",
            "binary_name": "libfreetype6-udeb"
        },
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm1",
            "binary_name": "freetype2-demos"
        },
        {
            "binary_version": "2.5.2-1ubuntu2.8+esm1",
            "binary_name": "libfreetype6"
        }
    ]
}