LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

March 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA March 2015

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: freetype on SL6.x, SL7.x i386/x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 25 Mar 2015 15:16:21 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (62 lines)

Synopsis:          Important: freetype security update
Advisory ID:       SLSA-2015:0696-1
Issue Date:        2015-03-18
CVE Numbers:       CVE-2014-9657
                   CVE-2014-9658
                   CVE-2014-9660
                   CVE-2014-9661
                   CVE-2014-9663
                   CVE-2014-9664
                   CVE-2014-9667
                   CVE-2014-9669
                   CVE-2014-9670
                   CVE-2014-9671
                   CVE-2014-9673
                   CVE-2014-9674
                   CVE-2014-9675
--

Multiple integer overflow flaws and an integer signedness flaw, leading to
heap-based buffer overflows, were found in the way FreeType handled Mac
fonts. If a specially crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2014-9673, CVE-2014-9674)

Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash or,
possibly, disclose a portion of the application memory. (CVE-2014-9657,
CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,
CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)

The X server must be restarted (log out, then log back in) for this update
to take effect.
--

SL6
  x86_64
    freetype-2.3.11-15.el6_6.1.i686.rpm
    freetype-2.3.11-15.el6_6.1.x86_64.rpm
    freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
    freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
    freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
    freetype-devel-2.3.11-15.el6_6.1.i686.rpm
    freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm
  i386
    freetype-2.3.11-15.el6_6.1.i686.rpm
    freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
    freetype-demos-2.3.11-15.el6_6.1.i686.rpm
    freetype-devel-2.3.11-15.el6_6.1.i686.rpm
SL7
  x86_64
    freetype-2.4.11-10.el7_1.1.i686.rpm
    freetype-2.4.11-10.el7_1.1.x86_64.rpm
    freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
    freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
    freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
    freetype-devel-2.4.11-10.el7_1.1.i686.rpm
    freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV