Sicherheit: Denial of Service in freetype2

Lesezeichen hinzufügen

openSUSE Security Update: Security update for freetype2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0704-1
Rating: moderate
References: #1079603 #1091109
Cross-References: CVE-2018-6942
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for freetype2 to version 2.10.1 fixes the following issues:

Security issue fixed:

- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c
(bsc#1079603).

Non-security issues fixed:

- Update to version 2.10.1
* The bytecode hinting of OpenType variation fonts was flawed, since the
data in the `CVAR' table wasn't correctly applied.
* Auto-hinter support for Mongolian.
* The handling of the default character in PCF fonts as introduced in
version 2.10.0 was partially broken, causing premature abortion
of charmap iteration for many fonts.
* If `FT_Set_Named_Instance' was called with the same arguments
twice in a row, the function returned an incorrect error code the
second time.
* Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
introduced in version 2.10.0).
* Increased precision while computing OpenType font variation
instances.
* The flattening algorithm of cubic Bezier curves was slightly
changed to make it faster. This can cause very subtle rendering
changes, which aren't noticeable by the eye, however.
* The auto-hinter now disables hinting if there are blue zones
defined for a `style' (i.e., a certain combination of a script and
its
related typographic features) but the font doesn't contain any
characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring

- Update to version 2.10.0
* A bunch of new functions has been added to access and process
COLR/CPAL data of OpenType fonts with color-layered glyphs.
* As a GSoC 2018 project, Nikhil Ramakrishnan completely
overhauled and modernized the API reference.
* The logic for computing the global ascender, descender, and height of
OpenType fonts has been slightly adjusted for consistency.
* `TT_Set_MM_Blend' could fail if called repeatedly with the same
arguments.
* The precision of handling deltas in Variation Fonts has been
increased.The problem did only show up with multidimensional
designspaces.
* New function `FT_Library_SetLcdGeometry' to set up the geometry
of LCD subpixels.
* FreeType now uses the `defaultChar' property of PCF fonts to set the
glyph for the undefined character at glyph index 0 (as FreeType
already does for all other supported font formats). As a consequence,
the order of glyphs of a PCF font if accessed with FreeType can be
different now compared to previous versions. This change doesn't
affect PCF font access with cmaps.
* `FT_Select_Charmap' has been changed to allow parameter value
`FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
formats to access built-in cmaps that don't have a predefined
`FT_Encoding' value.
* A previously reserved field in the `FT_GlyphSlotRec' structure now
holds the glyph index.
* The usual round of fuzzer bug fixes to better reject malformed fonts.
* `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
been
removed.These two functions were public by oversight only and were
never documented.
* A new function `FT_Error_String' returns descriptions of error codes
if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined.
* `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
functions limited to Adobe MultiMaster fonts to directly set and get
the weight vector.

- Enable subpixel rendering with infinality config:

- Re-enable freetype-config, there is just too many fallouts.

- Update to version 2.9.1
* Type 1 fonts containing flex features were not rendered correctly (bug
introduced in version 2.9).
* CVE-2018-6942: Older FreeType versions can crash with certain
malformed variation fonts.
* Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
* Emboldening of bitmaps didn't work correctly sometimes, showing
various artifacts (bug introduced in version 2.8.1).
* The auto-hinter script ranges have been updated for Unicode 11. No
support for new scripts have been added, however, with the exception
of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled by default.

- Update to version 2.10.1
* The `ftmulti' demo program now supports multiple hidden axes with
the
same name tag.
* `ftview', `ftstring', and `ftgrid' got a `-k' command
line option to
emulate a sequence of keystrokes at start-up.
* `ftview', `ftstring', and `ftgrid' now support screen
dumping to a PNG
file.
* The bytecode debugger, `ttdebug', now supports variation TrueType
fonts; a variation font instance can be selected with the new `-d'
command line option.
- Add tarball signatures and freetype2.keyring

- Update to version 2.10.0
* The `ftdump' demo program has new options `-c' and `-C'
to display
charmaps in compact and detailed format, respectively. Option `-V'
has
been removed.
* The `ftview', `ftstring', and `ftgrid' demo programs use a
new command
line option `-d' to specify the program window's width, height,
and
color depth.
* The `ftview' demo program now displays red boxes for zero-width
glyphs.
* `ftglyph' has limited support to display fonts with color-layered
glyphs.This will be improved later on.
* `ftgrid' can now display bitmap fonts also.
* The `ttdebug' demo program has a new option `-f' to select a
member of
a TrueType collection (TTC).
* Other various improvements to the demo programs.

- Remove "Supplements: fonts-config" to avoid accidentally pulling
in Qt
dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is
fundamental but ft2demos seldom installs by end users.
only fonts-config maintainers/debuggers may use ft2demos along to debug
some issues.

- Update to version 2.9.1
* No changelog upstream.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-704=1

Package List:

- openSUSE Leap 15.1 (i586 x86_64):

freetype2-debugsource-2.10.1-lp151.4.3.1
freetype2-devel-2.10.1-lp151.4.3.1
libfreetype6-2.10.1-lp151.4.3.1
libfreetype6-debuginfo-2.10.1-lp151.4.3.1

- openSUSE Leap 15.1 (x86_64):

freetype2-devel-32bit-2.10.1-lp151.4.3.1
ft2demos-2.10.1-lp151.4.3.1
ftbench-2.10.1-lp151.4.3.1
ftdiff-2.10.1-lp151.4.3.1
ftdump-2.10.1-lp151.4.3.1
ftgamma-2.10.1-lp151.4.3.1
ftgrid-2.10.1-lp151.4.3.1
ftinspect-2.10.1-lp151.4.3.1
ftlint-2.10.1-lp151.4.3.1
ftmulti-2.10.1-lp151.4.3.1
ftstring-2.10.1-lp151.4.3.1
ftvalid-2.10.1-lp151.4.3.1
ftview-2.10.1-lp151.4.3.1
libfreetype6-32bit-2.10.1-lp151.4.3.1
libfreetype6-32bit-debuginfo-2.10.1-lp151.4.3.1

- openSUSE Leap 15.1 (noarch):

freetype2-profile-tti35-2.10.1-lp151.4.3.1

References:

https://www.suse.com/security/cve/CVE-2018-6942.html
https://bugzilla.suse.com/1079603
https://bugzilla.suse.com/1091109

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org