Security update for freetype2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0420-1 Final 1 1 2018-02-12T06:41:34Z current 2018-02-12T06:41:34Z 2018-02-12T06:41:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freetype2 This update for freetype2 fixes the following security issues: - CVE-2016-10244: Make sure that the parse_charstrings function in type1/t1load.c does ensure that a font contains a glyph name to prevent a DoS through a heap-based buffer over-read or possibly have unspecified other impact via a crafted file (bsc#1028103) - CVE-2017-8105: Fix an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) - Fix several integer overflow issues in truetype/ttinterp.c (bsc#1079600) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00016.html E-Mail link for openSUSE-SU-2018:0420-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 freetype2-2.6.3-5.3.1 freetype2-devel-2.6.3-5.3.1 freetype2-devel-32bit-2.6.3-5.3.1 ft2demos-2.6.3-5.3.1 libfreetype6-2.6.3-5.3.1 libfreetype6-32bit-2.6.3-5.3.1 freetype2-2.6.3-5.3.1 as a component of openSUSE Leap 42.3 freetype2-devel-2.6.3-5.3.1 as a component of openSUSE Leap 42.3 freetype2-devel-32bit-2.6.3-5.3.1 as a component of openSUSE Leap 42.3 ft2demos-2.6.3-5.3.1 as a component of openSUSE Leap 42.3 libfreetype6-2.6.3-5.3.1 as a component of openSUSE Leap 42.3 libfreetype6-32bit-2.6.3-5.3.1 as a component of openSUSE Leap 42.3 The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. CVE-2016-10244 openSUSE Leap 42.3:freetype2-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-32bit-2.6.3-5.3.1 openSUSE Leap 42.3:ft2demos-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-32bit-2.6.3-5.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00016.html https://www.suse.com/security/cve/CVE-2016-10244.html CVE-2016-10244 https://bugzilla.suse.com/1028103 SUSE Bug 1028103 FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. CVE-2017-7864 openSUSE Leap 42.3:freetype2-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-32bit-2.6.3-5.3.1 openSUSE Leap 42.3:ft2demos-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-32bit-2.6.3-5.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00016.html https://www.suse.com/security/cve/CVE-2017-7864.html CVE-2017-7864 https://bugzilla.suse.com/1034178 SUSE Bug 1034178 FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. CVE-2017-8105 openSUSE Leap 42.3:freetype2-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-32bit-2.6.3-5.3.1 openSUSE Leap 42.3:ft2demos-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-32bit-2.6.3-5.3.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00016.html https://www.suse.com/security/cve/CVE-2017-8105.html CVE-2017-8105 https://bugzilla.suse.com/1034186 SUSE Bug 1034186 https://bugzilla.suse.com/1035807 SUSE Bug 1035807 https://bugzilla.suse.com/1036457 SUSE Bug 1036457 https://bugzilla.suse.com/1079459 SUSE Bug 1079459 FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. CVE-2017-8287 openSUSE Leap 42.3:freetype2-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-2.6.3-5.3.1 openSUSE Leap 42.3:freetype2-devel-32bit-2.6.3-5.3.1 openSUSE Leap 42.3:ft2demos-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-2.6.3-5.3.1 openSUSE Leap 42.3:libfreetype6-32bit-2.6.3-5.3.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00016.html https://www.suse.com/security/cve/CVE-2017-8287.html CVE-2017-8287 https://bugzilla.suse.com/1034186 SUSE Bug 1034186 https://bugzilla.suse.com/1035807 SUSE Bug 1035807 https://bugzilla.suse.com/1036457 SUSE Bug 1036457 https://bugzilla.suse.com/1079459 SUSE Bug 1079459