SCIENTIFIC-LINUX-ERRATA Archives

December 2019

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: freetype on SL6.x i386/x86_64
From:
Farhan Ahmed <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 18 Dec 2019 16:01:45 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (34 lines) 
Synopsis: Moderate: freetype security update

Advisory ID:       SLSA-2019:4254-1

Issue Date:        2019-12-17

CVE Numbers:       CVE-2015-9381

                   CVE-2015-9382

--



Security Fix(es):



* freetype: a heap-based buffer over-read in T1_Get_Private_Dict in

type1/t1parse.c leading to information disclosure (CVE-2015-9381)



* freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face

operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read

(CVE-2015-9382)

--



SL6

  x86_64

    freetype-2.3.11-19.el6_10.i686.rpm

    freetype-2.3.11-19.el6_10.x86_64.rpm

    freetype-debuginfo-2.3.11-19.el6_10.i686.rpm

    freetype-debuginfo-2.3.11-19.el6_10.x86_64.rpm

    freetype-demos-2.3.11-19.el6_10.x86_64.rpm

    freetype-devel-2.3.11-19.el6_10.i686.rpm

    freetype-devel-2.3.11-19.el6_10.x86_64.rpm

  i386

    freetype-2.3.11-19.el6_10.i686.rpm

    freetype-debuginfo-2.3.11-19.el6_10.i686.rpm

    freetype-demos-2.3.11-19.el6_10.i686.rpm

    freetype-devel-2.3.11-19.el6_10.i686.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2