exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2015-0696-01

Red Hat Security Advisory 2015-0696-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0696-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675
SHA-256 | 8aad9aa06e8c0583d9c577fe84ecb24280a7c96637da84542f66b7720c6336bf

Red Hat Security Advisory 2015-0696-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: freetype security update
Advisory ID: RHSA-2015:0696-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0696.html
Issue date: 2015-03-17
CVE Names: CVE-2014-9657 CVE-2014-9658 CVE-2014-9660
CVE-2014-9661 CVE-2014-9663 CVE-2014-9664
CVE-2014-9667 CVE-2014-9669 CVE-2014-9670
CVE-2014-9671 CVE-2014-9673 CVE-2014-9674
CVE-2014-9675
=====================================================================

1. Summary:

Updated freetype packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.

Multiple integer overflow flaws and an integer signedness flaw, leading to
heap-based buffer overflows, were found in the way FreeType handled Mac
fonts. If a specially crafted font file was loaded by an application linked
against FreeType, it could cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2014-9673, CVE-2014-9674)

Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash or,
possibly, disclose a portion of the application memory. (CVE-2014-9657,
CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,
CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)

All freetype users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The X server must be
restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1191079 - CVE-2014-9657 freetype: off-by-one buffer over-read in tt_face_load_hdmx()
1191080 - CVE-2014-9658 freetype: buffer over-read and integer underflow in tt_face_load_kern()
1191082 - CVE-2014-9660 freetype: missing ENDCHAR NULL pointer dereference in the _bdf_parse_glyphs()
1191083 - CVE-2014-9661 freetype: out of bounds read in Type42 font parser
1191085 - CVE-2014-9663 freetype: out-of-bounds read in tt_cmap4_validate()
1191086 - CVE-2014-9664 freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()
1191090 - CVE-2014-9667 freetype: integer overflow in tt_face_load_font_dir() leading to out-of-bounds read
1191092 - CVE-2014-9669 freetype: multiple integer overflows leading to buffer over-reads in cmap handling
1191093 - CVE-2014-9670 freetype: integer overflow in pcf_get_encodings() leading to NULL pointer dereference
1191094 - CVE-2014-9671 freetype: integer overflow in pcf_get_properties() leading to NULL pointer dereference
1191096 - CVE-2014-9673 freetype: integer signedness error in Mac_Read_POST_Resource() leading to heap-based buffer overflow
1191190 - CVE-2014-9674 freetype: multiple integer overflows Mac_Read_POST_Resource() leading to heap-based buffer overflows
1191192 - CVE-2014-9675 freetype: information leak in _bdf_add_property()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
freetype-2.3.11-15.el6_6.1.src.rpm

i386:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm

x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-demos-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
freetype-2.3.11-15.el6_6.1.src.rpm

x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
freetype-2.3.11-15.el6_6.1.src.rpm

i386:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm

ppc64:
freetype-2.3.11-15.el6_6.1.ppc.rpm
freetype-2.3.11-15.el6_6.1.ppc64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.ppc.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.ppc64.rpm
freetype-devel-2.3.11-15.el6_6.1.ppc.rpm
freetype-devel-2.3.11-15.el6_6.1.ppc64.rpm

s390x:
freetype-2.3.11-15.el6_6.1.s390.rpm
freetype-2.3.11-15.el6_6.1.s390x.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.s390.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.s390x.rpm
freetype-devel-2.3.11-15.el6_6.1.s390.rpm
freetype-devel-2.3.11-15.el6_6.1.s390x.rpm

x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-demos-2.3.11-15.el6_6.1.i686.rpm

ppc64:
freetype-debuginfo-2.3.11-15.el6_6.1.ppc64.rpm
freetype-demos-2.3.11-15.el6_6.1.ppc64.rpm

s390x:
freetype-debuginfo-2.3.11-15.el6_6.1.s390x.rpm
freetype-demos-2.3.11-15.el6_6.1.s390x.rpm

x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
freetype-2.3.11-15.el6_6.1.src.rpm

i386:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm

x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-demos-2.3.11-15.el6_6.1.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
freetype-2.4.11-10.el7_1.1.src.rpm

x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
freetype-2.4.11-10.el7_1.1.src.rpm

x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
freetype-2.4.11-10.el7_1.1.src.rpm

ppc64:
freetype-2.4.11-10.el7_1.1.ppc.rpm
freetype-2.4.11-10.el7_1.1.ppc64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.ppc.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.ppc64.rpm
freetype-devel-2.4.11-10.el7_1.1.ppc.rpm
freetype-devel-2.4.11-10.el7_1.1.ppc64.rpm

s390x:
freetype-2.4.11-10.el7_1.1.s390.rpm
freetype-2.4.11-10.el7_1.1.s390x.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.s390.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.s390x.rpm
freetype-devel-2.4.11-10.el7_1.1.s390.rpm
freetype-devel-2.4.11-10.el7_1.1.s390x.rpm

x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
freetype-2.4.11-10.ael7b_1.1.src.rpm

ppc64le:
freetype-2.4.11-10.ael7b_1.1.ppc64le.rpm
freetype-debuginfo-2.4.11-10.ael7b_1.1.ppc64le.rpm
freetype-devel-2.4.11-10.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
freetype-debuginfo-2.4.11-10.el7_1.1.ppc64.rpm
freetype-demos-2.4.11-10.el7_1.1.ppc64.rpm

s390x:
freetype-debuginfo-2.4.11-10.el7_1.1.s390x.rpm
freetype-demos-2.4.11-10.el7_1.1.s390x.rpm

x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
freetype-debuginfo-2.4.11-10.ael7b_1.1.ppc64le.rpm
freetype-demos-2.4.11-10.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
freetype-2.4.11-10.el7_1.1.src.rpm

x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9657
https://access.redhat.com/security/cve/CVE-2014-9658
https://access.redhat.com/security/cve/CVE-2014-9660
https://access.redhat.com/security/cve/CVE-2014-9661
https://access.redhat.com/security/cve/CVE-2014-9663
https://access.redhat.com/security/cve/CVE-2014-9664
https://access.redhat.com/security/cve/CVE-2014-9667
https://access.redhat.com/security/cve/CVE-2014-9669
https://access.redhat.com/security/cve/CVE-2014-9670
https://access.redhat.com/security/cve/CVE-2014-9671
https://access.redhat.com/security/cve/CVE-2014-9673
https://access.redhat.com/security/cve/CVE-2014-9674
https://access.redhat.com/security/cve/CVE-2014-9675
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVCQSFXlSAg2UNWIIRAi09AKCi+NdbNftG8xgFCLHnIYGfonayfwCfbP5t
ZzKu+VCPF8dY67ybuIOxMyk=
=d2k2
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close