Security update for freetype2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1734-1 Final 1 1 2020-10-25T13:21:03Z current 2020-10-25T13:21:03Z 2020-10-25T13:21:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freetype2 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1734 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z6MSPBOHA3QD3XDIF4K4XJIZRWNJYUFS/ E-Mail link for openSUSE-SU-2020:1734-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177914 SUSE Bug 1177914 https://www.suse.com/security/cve/CVE-2020-15999/ SUSE CVE CVE-2020-15999 page openSUSE Leap 15.1 freetype2-devel-2.10.1-lp151.4.6.1 freetype2-devel-32bit-2.10.1-lp151.4.6.1 freetype2-profile-tti35-2.10.1-lp151.4.6.1 ft2demos-2.10.1-lp151.4.6.1 ftbench-2.10.1-lp151.4.6.1 ftdiff-2.10.1-lp151.4.6.1 ftdump-2.10.1-lp151.4.6.1 ftgamma-2.10.1-lp151.4.6.1 ftgrid-2.10.1-lp151.4.6.1 ftinspect-2.10.1-lp151.4.6.1 ftlint-2.10.1-lp151.4.6.1 ftmulti-2.10.1-lp151.4.6.1 ftstring-2.10.1-lp151.4.6.1 ftvalid-2.10.1-lp151.4.6.1 ftview-2.10.1-lp151.4.6.1 libfreetype6-2.10.1-lp151.4.6.1 libfreetype6-32bit-2.10.1-lp151.4.6.1 freetype2-devel-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 freetype2-devel-32bit-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 freetype2-profile-tti35-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ft2demos-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftbench-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftdiff-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftdump-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftgamma-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftgrid-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftinspect-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftlint-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftmulti-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftstring-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftvalid-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 ftview-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 libfreetype6-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 libfreetype6-32bit-2.10.1-lp151.4.6.1 as a component of openSUSE Leap 15.1 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftbench-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:ftview-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.6.1 openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.6.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z6MSPBOHA3QD3XDIF4K4XJIZRWNJYUFS/ https://www.suse.com/security/cve/CVE-2020-15999.html CVE-2020-15999 https://bugzilla.suse.com/1177914 SUSE Bug 1177914 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://bugzilla.suse.com/1178824 SUSE Bug 1178824 https://bugzilla.suse.com/1178894 SUSE Bug 1178894