Linux News Today: FreeType Vulnerabilities Closed in All Supported Ubuntu OSes
Details about some FreeType vulnerabilities that have been found and fixed in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS have been revealed in a new security notice.
A new version of FreeType has been pushed into the repositories and it’s actually fixing a number of security issues. FreeType 2 is a font engine library, so it’s not exactly an inconspicuous library.
“It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory,” reads the security notice.
These issues have been identified and corrected with this new update. For a more detailed description of the problems, you can see Canonical’s security notification. Users have been advised to upgrade their systems.
The problems can be repaired if you upgrade your system to the latest libfreetype6 packages specific to each distribution. To apply the patch, users will have to run the Update Manager application. A reboot of the system is not required, but users will need to log out and log back in to complete the procedure.
You can also choose to upgrade from the terminal. All you have to do is enter these commands in a terminal near you:
sudo apt-get update
sudo apt-get dist-upgrade