
SciLinux: SLSA-2015:0696-1 Important: freetype Security Issue

Important: freetype security update
Date: Wed, 25 Mar 2015 15:16:21 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: freetype on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: freetype security update
Advisory ID: SLSA-2015:0696-1
Issue Date: 2015-03-18
CVE Numbers: CVE-2014-9657
 CVE-2014-9658
 CVE-2014-9660
 CVE-2014-9661
 CVE-2014-9663
 CVE-2014-9664
 CVE-2014-9667
 CVE-2014-9669
 CVE-2014-9670
 CVE-2014-9671
 CVE-2014-9673
 CVE-2014-9674
 CVE-2014-9675
--

Multiple integer overflow flaws and an integer signedness flaw, leading to
heap-based buffer overflows, were found in the way FreeType handled Mac
fonts. If a specially crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2014-9673, CVE-2014-9674)

Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash or,
possibly, disclose a portion of the application memory. (CVE-2014-9657,
CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,
CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)

The X server must be restarted (log out, then log back in) for this update
to take effect.
--

SL6
  x86_64
    freetype-2.3.11-15.el6_6.1.i686.rpm
    freetype-2.3.11-15.el6_6.1.x86_64.rpm
    freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
    freetype-debuginfo-2.3.11-15.el6_6.1.x86_64.rpm
    freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm
    freetype-devel-2.3.11-15.el6_6.1.i686.rpm
    freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm
  i386
    freetype-2.3.11-15.el6_6.1.i686.rpm
    freetype-debuginfo-2.3.11-15.el6_6.1.i686.rpm
    freetype-demos-2.3.11-15.el6_6.1.i686.rpm
    freetype-devel-2.3.11-15.el6_6.1.i686.rpm
SL7
  x86_64
    freetype-2.4.11-10.el7_1.1.i686.rpm
    freetype-2.4.11-10.el7_1.1.x86_64.rpm
    freetype-debuginfo-2.4.11-10.el7_1.1.i686.rpm
    freetype-debuginfo-2.4.11-10.el7_1.1.x86_64.rpm
    freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm
    freetype-devel-2.4.11-10.el7_1.1.i686.rpm
    freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm

- Scientific Linux Development Team
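
A check an administrator could run against this advisory, as an added example (not part of the Scientific Linux announcement): it compares installed freetype builds with the fixed builds listed above, using a simplified reimplementation of rpm's version ordering. The sample `rpm -qa` lines and all function names are constructed for illustration; epochs and tilde/caret versions are not handled.

```python
import re

# Fixed builds taken from this advisory, keyed by distribution tag.
FIXED = {"el6": "2.3.11-15.el6_6.1", "el7": "2.4.11-10.el7_1.1"}

# Constructed sample of `rpm -qa` output (not captured from a real host).
SAMPLE = [
    "freetype-2.3.11-14.el6_3.1.x86_64",
    "freetype-devel-2.3.11-15.el6_6.1.i686",
    "freetype-2.4.11-9.el7.x86_64",
    "freetype-demos-2.4.11-12.el7.x86_64",
    "bash-4.2.46-12.el7.x86_64",
]

def _segments(s):
    # rpm compares maximal runs of digits or letters; other characters separate.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # so that 9 < 10, unlike string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_lines):
    """Map each freetype package to 'patched', 'VULNERABLE' or 'unknown'."""
    result = {}
    for line in rpm_lines:
        m = re.match(r"(freetype(?:-\w+)?)-(\d[^-]*-[^-]+)\.(i686|x86_64)$", line.strip())
        if not m:
            continue  # not a freetype package
        name, evr, arch = m.groups()
        dist = re.search(r"\.(el\d+)", evr)
        fixed = FIXED.get(dist.group(1)) if dist else None
        if fixed is None:
            result[f"{name}.{arch}"] = "unknown"  # release not covered by this advisory
        else:
            result[f"{name}.{arch}"] = "patched" if evr_cmp(evr, fixed) >= 0 else "VULNERABLE"
    return result
```

On a live host, feed `audit()` the lines printed by `rpm -qa 'freetype*'`. A package reported as patched still needs the X server restart noted above before running processes use the updated library.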
