moderate: fonttools security update
moderate
An update for fonttools is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
fonttools:
Security Fix(es):
fonttools: A flaw was found in the subsetting module of FontTools, which contains an XML External Entity Injection (XXE) vulnerability. This flaw allows malicious actors to exploit the parsing of candidate fonts, particularly those with an OT-SVG format that includes an SVG table. Through this vulnerability, attackers can manipulate the system to resolve arbitrary entities, potentially allowing them to include files from the filesystem where FontTools is operating or even initiate web requests from the host system.(CVE-2023-45139)
fonttools: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.