SCIENTIFIC-LINUX-ERRATA Archives

December 2019

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: freetype on SL6.x i386/x86_64
From:
Farhan Ahmed <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 18 Dec 2019 16:01:45 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (34 lines) 
Synopsis: Moderate: freetype security update
Advisory ID:       SLSA-2019:4254-1
Issue Date:        2019-12-17
CVE Numbers:       CVE-2015-9381
                   CVE-2015-9382
--

Security Fix(es):

* freetype: a heap-based buffer over-read in T1_Get_Private_Dict in
type1/t1parse.c leading to information disclosure (CVE-2015-9381)

* freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face
operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read
(CVE-2015-9382)
--

SL6
  x86_64
    freetype-2.3.11-19.el6_10.i686.rpm
    freetype-2.3.11-19.el6_10.x86_64.rpm
    freetype-debuginfo-2.3.11-19.el6_10.i686.rpm
    freetype-debuginfo-2.3.11-19.el6_10.x86_64.rpm
    freetype-demos-2.3.11-19.el6_10.x86_64.rpm
    freetype-devel-2.3.11-19.el6_10.i686.rpm
    freetype-devel-2.3.11-19.el6_10.x86_64.rpm
  i386
    freetype-2.3.11-19.el6_10.i686.rpm
    freetype-debuginfo-2.3.11-19.el6_10.i686.rpm
    freetype-demos-2.3.11-19.el6_10.i686.rpm
    freetype-devel-2.3.11-19.el6_10.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2