- Detalji os-a: FED
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LFE
——————————————————————————–
Fedora Update Notification
FEDORA-2015-2237
2015-02-18 00:29:04
——————————————————————————–
Name : freetype
Product : Fedora 21
Version : 2.5.3
Release : 15.fc21
URL : http://www.freetype.org
Summary : A free and portable font rendering engine
Description :
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manages font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.
——————————————————————————–
Update Information:
This update fixes several security issues.
——————————————————————————–
ChangeLog:
* Tue Feb 17 2015 Marek Kasik <mkasik@redhat.com> – 2.5.3-15
– Fixes CVE-2014-9656
– Check `p’ before `num_glyphs’.
– Fixes CVE-2014-9657
– Check minimum size of `record_size’.
– Fixes CVE-2014-9658
– Use correct value for minimum table length test.
– Fixes CVE-2014-9675
– New macro that checks one character more than `strncmp’.
– Fixes CVE-2014-9660
– Check `_BDF_GLYPH_BITS’.
– Fixes CVE-2014-9661
– Initialize `face->ttf_size’.
– Always set `face->ttf_size’ directly.
– Exclusively use the `truetype’ font driver for loading
the font contained in the `sfnts’ array.
– Fixes CVE-2014-9662
– Handle return values of point allocation routines.
– Fixes CVE-2014-9663
– Fix order of validity tests.
– Fixes CVE-2014-9664
– Add another boundary testing.
– Fix boundary testing.
– Fixes CVE-2014-9665
– Protect against too large bitmaps.
– Fixes CVE-2014-9666
– Protect against addition and multiplication overflow.
– Fixes CVE-2014-9667
– Protect against addition overflow.
– Fixes CVE-2014-9668
– Protect against addition overflow.
– Fixes CVE-2014-9669
– Protect against overflow in additions and multiplications.
– Fixes CVE-2014-9670
– Add sanity checks for row and column values.
– Fixes CVE-2014-9671
– Check `size’ and `offset’ values.
– Fixes CVE-2014-9672
– Prevent a buffer overrun caused by a font including too many (> 63)
strings to store names[] table.
– Fixes CVE-2014-9673
– Fix integer overflow by a broken POST table in resource-fork.
– Fixes CVE-2014-9674
– Fix integer overflow by a broken POST table in resource-fork.
– Additional overflow check in the summation of POST fragment lengths.
– Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik <mkasik@redhat.com> – 2.5.3-14
– Fix of URL of the bug #1172634
* Thu Dec 11 2014 Marek Kasik <mkasik@redhat.com> – 2.5.3-13
– Suppress an assert when hintMap.count == 0 in specific situations.
– Related: #1172634
* Wed Dec 10 2014 Marek Kasik <mkasik@redhat.com> – 2.5.3-12
– Don’t append to stem arrays after hintmask is constructed.
– Related: #1172634
——————————————————————————–
References:
[ 1 ] Bug #1191078 – CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191078
[ 2 ] Bug #1191081 – CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
[ 3 ] Bug #1191083 – CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191083
[ 4 ] Bug #1191085 – CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191085
[ 5 ] Bug #1191087 – CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191087
[ 6 ] Bug #1191090 – CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191090
[ 7 ] Bug #1191092 – CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191092
[ 8 ] Bug #1191093 – CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function inpcf/pcfread.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191093
[ 9 ] Bug #1191079 – CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191079
[ 10 ] Bug #1191080 – CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191080
[ 11 ] Bug #1191082 – CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191082
[ 12 ] Bug #1191084 – CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191084
[ 13 ] Bug #1191086 – CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
https://bugzilla.redhat.com/show_bug.cgi?id=1191086
[ 14 ] Bug #1191089 – CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191089
[ 15 ] Bug #1191091 – CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191091
[ 16 ] Bug #1191190 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191190
[ 17 ] Bug #1191192 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
https://bugzilla.redhat.com/show_bug.cgi?id=1191192
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update freetype’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-2216
2015-02-18 00:28:13
——————————————————————————–
Name : freetype
Product : Fedora 20
Version : 2.5.0
Release : 9.fc20
URL : http://www.freetype.org
Summary : A free and portable font rendering engine
Description :
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manages font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.
——————————————————————————–
Update Information:
This update fixes several security issues.
——————————————————————————–
ChangeLog:
* Tue Feb 17 2015 Marek Kasik <mkasik@redhat.com> – 2.5.0-9
– Fixes CVE-2014-9656
– Check `p’ before `num_glyphs’.
– Fixes CVE-2014-9657
– Check minimum size of `record_size’.
– Fixes CVE-2014-9658
– Use correct value for minimum table length test.
– Fixes CVE-2014-9675
– New macro that checks one character more than `strncmp’.
– Fixes CVE-2014-9660
– Check `_BDF_GLYPH_BITS’.
– Fixes CVE-2014-9661
– Initialize `face->ttf_size’.
– Always set `face->ttf_size’ directly.
– Exclusively use the `truetype’ font driver for loading
the font contained in the `sfnts’ array.
– Fixes CVE-2014-9662
– Handle return values of point allocation routines.
– Fixes CVE-2014-9663
– Fix order of validity tests.
– Fixes CVE-2014-9664
– Add another boundary testing.
– Fix boundary testing.
– Fixes CVE-2014-9666
– Protect against addition and multiplication overflow.
– Fixes CVE-2014-9667
– Protect against addition overflow.
– Fixes CVE-2014-9669
– Protect against overflow in additions and multiplications.
– Fixes CVE-2014-9670
– Add sanity checks for row and column values.
– Fixes CVE-2014-9671
– Check `size’ and `offset’ values.
– Fixes CVE-2014-9672
– Prevent a buffer overrun caused by a font including too many (> 63)
strings to store names[] table.
– Fixes CVE-2014-9673
– Fix integer overflow by a broken POST table in resource-fork.
– Fixes CVE-2014-9674
– Fix integer overflow by a broken POST table in resource-fork.
– Additional overflow check in the summation of POST fragment lengths.
– Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik <mkasik@redhat.com> – 2.5.0-8
– Fix of URL of the bug #1172634
* Thu Dec 11 2014 Marek Kasik <mkasik@redhat.com> – 2.5.0-7
– Suppress an assert when hintMap.count == 0 in specific situations.
– Resolves: #1172634
* Wed Dec 10 2014 Marek Kasik <mkasik@redhat.com> – 2.5.0-6
– Don’t append to stem arrays after hintmask is constructed.
– Resolves: #1172634
* Tue Mar 11 2014 Marek Kasik <mkasik@redhat.com> – 2.5.0-5
– Add freetype-2.5.0-CVE-2014-2240.patch
(Return when `hintMask’ is invalid.)
– Add freetype-2.5.0-CVE-2014-2241.patch
(Don’t call non-existing subroutines.)
– Resolves: #1074647
——————————————————————————–
References:
[ 1 ] Bug #1191192 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
https://bugzilla.redhat.com/show_bug.cgi?id=1191192
[ 2 ] Bug #1191078 – CVE-2014-9656 freetype: integer underflow in the tt_sbit_decoder_load_image()
https://bugzilla.redhat.com/show_bug.cgi?id=1191078
[ 3 ] Bug #1191079 – CVE-2014-9657 freetype: off-by-one buffer over-read in tt_face_load_hdmx()
https://bugzilla.redhat.com/show_bug.cgi?id=1191079
[ 4 ] Bug #1191080 – CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191080
[ 5 ] Bug #1191081 – CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
[ 6 ] Bug #1191082 – CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191082
[ 7 ] Bug #1191083 – CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191083
[ 8 ] Bug #1191084 – CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191084
[ 9 ] Bug #1191085 – CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191085
[ 10 ] Bug #1191086 – CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
https://bugzilla.redhat.com/show_bug.cgi?id=1191086
[ 11 ] Bug #1191087 – CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191087
[ 12 ] Bug #1191089 – CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191089
[ 13 ] Bug #1191090 – CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191090
[ 14 ] Bug #1191091 – CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191091
[ 15 ] Bug #1191092 – CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191092
[ 16 ] Bug #1191093 – CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function inpcf/pcfread.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191093
[ 17 ] Bug #1191190 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191190
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update freetype’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2015-02-0016-ADV |
| Cve | CVE-2010-2883 CVE-2010-2884 CVE-2010-2887 CVE-2010-2888 |
| ID izvornika | FEDORA-2015-2237 |
| Proizvod | freetype |
| Izvor | http://www.redhat.com |
