RedHat: RHSA-2015-0696:01 Important: freetype security update
Summary
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.
Multiple integer overflow flaws and an integer signedness flaw, leading to
heap-based buffer overflows, were found in the way FreeType handled Mac
fonts. If a specially crafted font file was loaded by an application linked
against FreeType, it could cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2014-9673, CVE-2014-9674)
Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash or,
possibly, disclose a portion of the application memory. (CVE-2014-9657,
CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,
CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)
All freetype users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The X server must be
restarted (log out, then log back in) for this update to take effect.
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2014-9657 https://access.redhat.com/security/cve/CVE-2014-9658 https://access.redhat.com/security/cve/CVE-2014-9660 https://access.redhat.com/security/cve/CVE-2014-9661 https://access.redhat.com/security/cve/CVE-2014-9663 https://access.redhat.com/security/cve/CVE-2014-9664 https://access.redhat.com/security/cve/CVE-2014-9667 https://access.redhat.com/security/cve/CVE-2014-9669 https://access.redhat.com/security/cve/CVE-2014-9670 https://access.redhat.com/security/cve/CVE-2014-9671 https://access.redhat.com/security/cve/CVE-2014-9673 https://access.redhat.com/security/cve/CVE-2014-9674 https://access.redhat.com/security/cve/CVE-2014-9675 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Enterprise Linux Desktop (v. 6):
Source:
freetype-2.3.11-15.el6_6.1.src.rpm
i386:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-demos-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
freetype-2.3.11-15.el6_6.1.src.rpm
x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
freetype-2.3.11-15.el6_6.1.src.rpm
i386:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
ppc64:
freetype-2.3.11-15.el6_6.1.ppc.rpm
freetype-2.3.11-15.el6_6.1.ppc64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.ppc.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.ppc64.rpm
freetype-devel-2.3.11-15.el6_6.1.ppc.rpm
freetype-devel-2.3.11-15.el6_6.1.ppc64.rpm
s390x:
freetype-2.3.11-15.el6_6.1.s390.rpm
freetype-2.3.11-15.el6_6.1.s390x.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.s390.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.s390x.rpm
freetype-devel-2.3.11-15.el6_6.1.s390.rpm
freetype-devel-2.3.11-15.el6_6.1.s390x.rpm
x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-demos-2.3.11-15.el6_6.1.i686.rpm
ppc64:
freetype-debuginfo-2.3.11-15.el6_6.1.ppc64.rpm
freetype-demos-2.3.11-15.el6_6.1.ppc64.rpm
s390x:
freetype-debuginfo-2.3.11-15.el6_6.1.s390x.rpm
freetype-demos-2.3.11-15.el6_6.1.s390x.rpm
x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
freetype-2.3.11-15.el6_6.1.src.rpm
i386:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
x86_64:
freetype-2.3.11-15.el6_6.1.i686.rpm
freetype-2.3.11-15.el6_6.1.x86_64.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-devel-2.3.11-15.el6_6.1.i686.rpm
freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
freetype-demos-2.3.11-15.el6_6.1.i686.rpm
x86_64:
freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
freetype-2.4.11-10.el7_1.1.src.rpm
x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
freetype-2.4.11-10.el7_1.1.src.rpm
x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
freetype-2.4.11-10.el7_1.1.src.rpm
ppc64:
freetype-2.4.11-10.el7_1.1.ppc.rpm
freetype-2.4.11-10.el7_1.1.ppc64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.ppc.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.ppc64.rpm
freetype-devel-2.4.11-10.el7_1.1.ppc.rpm
freetype-devel-2.4.11-10.el7_1.1.ppc64.rpm
s390x:
freetype-2.4.11-10.el7_1.1.s390.rpm
freetype-2.4.11-10.el7_1.1.s390x.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.s390.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.s390x.rpm
freetype-devel-2.4.11-10.el7_1.1.s390.rpm
freetype-devel-2.4.11-10.el7_1.1.s390x.rpm
x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
freetype-2.4.11-10.ael7b_1.1.src.rpm
ppc64le:
freetype-2.4.11-10.ael7b_1.1.ppc64le.rpm
freetype-debuginfo-2.4.11-10.ael7b_1.1.ppc64le.rpm
freetype-devel-2.4.11-10.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
freetype-debuginfo-2.4.11-10.el7_1.1.ppc64.rpm
freetype-demos-2.4.11-10.el7_1.1.ppc64.rpm
s390x:
freetype-debuginfo-2.4.11-10.el7_1.1.s390x.rpm
freetype-demos-2.4.11-10.el7_1.1.s390x.rpm
x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
freetype-debuginfo-2.4.11-10.ael7b_1.1.ppc64le.rpm
freetype-demos-2.4.11-10.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
freetype-2.4.11-10.el7_1.1.src.rpm
x86_64:
freetype-2.4.11-10.el7_1.1.i686.rpm
freetype-2.4.11-10.el7_1.1.x86_64.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-devel-2.4.11-10.el7_1.1.i686.rpm
freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
Updated freetype packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 and 7.Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Bugs Fixed
1191079 - CVE-2014-9657 freetype: off-by-one buffer over-read in tt_face_load_hdmx()
1191080 - CVE-2014-9658 freetype: buffer over-read and integer underflow in tt_face_load_kern()
1191082 - CVE-2014-9660 freetype: missing ENDCHAR NULL pointer dereference in the _bdf_parse_glyphs()
1191083 - CVE-2014-9661 freetype: out of bounds read in Type42 font parser
1191085 - CVE-2014-9663 freetype: out-of-bounds read in tt_cmap4_validate()
1191086 - CVE-2014-9664 freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()
1191090 - CVE-2014-9667 freetype: integer overflow in tt_face_load_font_dir() leading to out-of-bounds read
1191092 - CVE-2014-9669 freetype: multiple integer overflows leading to buffer over-reads in cmap handling
1191093 - CVE-2014-9670 freetype: integer overflow in pcf_get_encodings() leading to NULL pointer dereference
1191094 - CVE-2014-9671 freetype: integer overflow in pcf_get_properties() leading to NULL pointer dereference
1191096 - CVE-2014-9673 freetype: integer signedness error in Mac_Read_POST_Resource() leading to heap-based buffer overflow
1191190 - CVE-2014-9674 freetype: multiple integer overflows Mac_Read_POST_Resource() leading to heap-based buffer overflows
1191192 - CVE-2014-9675 freetype: information leak in _bdf_add_property()