Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Freetype
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Freetype
ID: FEDORA-2015-2216
Distribution: Fedora
Plattformen: Fedora 20
Datum: Fr, 20. Februar 2015, 12:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

Originalnachricht

Name        : freetype
Product : Fedora 20
Version : 2.5.0
Release : 9.fc20
URL : http://www.freetype.org
Summary : A free and portable font rendering engine
Description :
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manages font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.

-------------------------------------------------------------------------------
-
Update Information:

This update fixes several security issues.

-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Feb 17 2015 Marek Kasik <mkasik@redhat.com> - 2.5.0-9
- Fixes CVE-2014-9656
- Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
- Check minimum size of `record_size'.
- Fixes CVE-2014-9658
- Use correct value for minimum table length test.
- Fixes CVE-2014-9675
- New macro that checks one character more than `strncmp'.
- Fixes CVE-2014-9660
- Check `_BDF_GLYPH_BITS'.
- Fixes CVE-2014-9661
- Initialize `face->ttf_size'.
- Always set `face->ttf_size' directly.
- Exclusively use the `truetype' font driver for loading
the font contained in the `sfnts' array.
- Fixes CVE-2014-9662
- Handle return values of point allocation routines.
- Fixes CVE-2014-9663
- Fix order of validity tests.
- Fixes CVE-2014-9664
- Add another boundary testing.
- Fix boundary testing.
- Fixes CVE-2014-9666
- Protect against addition and multiplication overflow.
- Fixes CVE-2014-9667
- Protect against addition overflow.
- Fixes CVE-2014-9669
- Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
- Add sanity checks for row and column values.
- Fixes CVE-2014-9671
- Check `size' and `offset' values.
- Fixes CVE-2014-9672
- Prevent a buffer overrun caused by a font including too many (> 63)
strings to store names[] table.
- Fixes CVE-2014-9673
- Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
- Fix integer overflow by a broken POST table in resource-fork.
- Additional overflow check in the summation of POST fragment lengths.
- Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik <mkasik@redhat.com> - 2.5.0-8
- Fix of URL of the bug #1172634
* Thu Dec 11 2014 Marek Kasik <mkasik@redhat.com> - 2.5.0-7
- Suppress an assert when hintMap.count == 0 in specific situations.
- Resolves: #1172634
* Wed Dec 10 2014 Marek Kasik <mkasik@redhat.com> - 2.5.0-6
- Don't append to stem arrays after hintmask is constructed.
- Resolves: #1172634
* Tue Mar 11 2014 Marek Kasik <mkasik@redhat.com> - 2.5.0-5
- Add freetype-2.5.0-CVE-2014-2240.patch
(Return when `hintMask' is invalid.)
- Add freetype-2.5.0-CVE-2014-2241.patch
(Don't call non-existing subroutines.)
- Resolves: #1074647
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1191192 - CVE-2014-9675 freetype: bypass the ASLR protection
mechanism via a crafted BDF font
https://bugzilla.redhat.com/show_bug.cgi?id=1191192
[ 2 ] Bug #1191078 - CVE-2014-9656 freetype: integer underflow in the
tt_sbit_decoder_load_image()
https://bugzilla.redhat.com/show_bug.cgi?id=1191078
[ 3 ] Bug #1191079 - CVE-2014-9657 freetype: off-by-one buffer over-read in
tt_face_load_hdmx()
https://bugzilla.redhat.com/show_bug.cgi?id=1191079
[ 4 ] Bug #1191080 - CVE-2014-9658 freetype: DoS in the tt_face_load_kern
function in sfnt/ttkern.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191080
[ 5 ] Bug #1191081 - CVE-2014-9659 freetype: stack-based buffer overflow in
cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
[ 6 ] Bug #1191082 - CVE-2014-9660 freetype: NULL pointer dereference in the
_bdf_parse_glyphs function in bdf/bdflib.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191082
[ 7 ] Bug #1191083 - CVE-2014-9661 freetype: use-after-free in
type42/t42parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191083
[ 8 ] Bug #1191084 - CVE-2014-9662 freetype: heap-based buffer overflow in
cff/cf2ft.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191084
[ 9 ] Bug #1191085 - CVE-2014-9663 freetype: out-of-bounds read in the
tt_cmap4_validate function in sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191085
[ 10 ] Bug #1191086 - CVE-2014-9664 freetype: out-of-bounds read via a
crafted Type42 font
https://bugzilla.redhat.com/show_bug.cgi?id=1191086
[ 11 ] Bug #1191087 - CVE-2014-9665 freetype: integer overflow and heap-based
buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191087
[ 12 ] Bug #1191089 - CVE-2014-9666 freetype: integer overflow and
out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191089
[ 13 ] Bug #1191090 - CVE-2014-9667 freetype: integer overflow and
out-of-bounds read in sfnt/ttload.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191090
[ 14 ] Bug #1191091 - CVE-2014-9668 freetype: integer overflow and heap-based
buffer overflow in the woff_open_font function in sfnt/sfobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191091
[ 15 ] Bug #1191092 - CVE-2014-9669 freetype: Multiple integer overflows in
sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191092
[ 16 ] Bug #1191093 - CVE-2014-9670 freetype: Multiple integer signedness
errors in the pcf_get_encodings function inpcf/pcfread.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191093
[ 17 ] Bug #1191190 - CVE-2014-9674 freetype: integer overflow and heap-based
buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191190
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update freetype' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung