Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Slackware 14.2: SSA:2020-045-02 Moderate: Libpng Memory Corruption

slackware
Calendar Grey May 16, 2017
Dist Slackware Esm H88
Recent updates to the freetype libraries address a critical out-of-bounds write vulnerability affecting multiple versions of the Slackware operating system, thereby improving system security.
New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/freetype-2.6.3-i586-2_slack14.2.txz: Rebuilt. This update fixes an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. For more information, see: https://www.cve.org/CVERecord?id=CVE-2017-8287 (* Security fix *)

Topics%20covered

Topics Covered

security advisory moderate memory corruption slackware freetype

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/freetype-2.5.5-i486-2_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/freetype-2.5.5-x86_64-2_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/freetype-2.5.5-i486-2_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/freetype-2.5.5-x86_64-2_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/freetype-2.5.5-i486-2_slack13.37.txz
Updated package fo...

Read the Full Advisory

MD5 Signatures

Slackware 13.0 package: 446731b8fe9d963a92d61fd2b5351fc5 freetype-2.5.5-i486-2_slack13.0.txz
Slackware x86_64 13.0 package: 01625aae45dee3c304411bf1fb351316 freetype-2.5.5-x86_64-2_slack13.0.txz
Slackware 13.1 package: 1fb0d01a3a97f668223a8d285d99ea9f freetype-2.5.5-i486-2_slack13.1.txz
Slackware x86_64 13.1 package: b630acf7704287e30cb3cc7c76db8688 freetype-2.5.5-x86_64-2_slack13.1.txz
Slackware 13.37 package: 548427cfb4a056da78898d99c3fda0b8 freetype-2.5.5-i486-2_slack13.37.txz
Slackware x86_64 13.37 package: 798fead16aa8797c2d8d25fe82f8d817 freetype-2.5.5-x86_64-2_slack13.37.txz
Slackware 14.0 package: 395e23508be4295d021457eddf1e5525 freetype-2.5.5-i486-2_slack14.0.txz
Slackware x86_64 14.0 package: 8f26a6a9feba6c8b5c7bb374409b7f28 freetype-2.5.5-x86_64-2_slack14.0.txz
Slackware 14.1 package: 3bb485a17f53b99061958222414c438f freetype-2.5.5-i486-2_slack14.1.txz
Slackware x86_64 14.1 package: c4f9c2fbad18ca30366a2a733286a21c freetype-2.5.5-x86_64-2_slack14.1.txz
Slackware 14.2 package: c0da023da3bb15bf69fbaec8356a1ddf freetype-2.6.3-i586-2_slack14.2.txz
Slackware x86_64 14.2 package: e715d316951b9fbdc607329d04f32f92 freetype-2.6.3-x86_64-2_slack14.2.txz
Slackware -current package: 9373898b5965010dd6e0ecb9740ed162 l/freetype-2.8-i586-1.txz
Slackware x86_64 -current package: 11bdaa38c2ebb311cc0a26795efe021a l/freetype-2.8-x86_64-1.txz

Topics%20covered

Topics Covered

security advisory moderate memory corruption slackware freetype

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg freetype-2.6.3-i586-2_slack14.2.txz

Related News

Your message here