AXSA:2019-4408:01

Release date: 
Thursday, December 19, 2019 - 00:04
Subject: 
freetype-2.3.11-19.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

* freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure (CVE-2015-9381)

* freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read (CVE-2015-9382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2015-9381
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. freetype-2.3.11-19.AXS4.src.rpm
    MD5: 41891feed1df8eeddda8d6a50b20ad31
    SHA-256: 4fdc23bc6bb9d0cbf13eee1feffca42f69686b92f6e2868469ac0f9b2470f9a5
    Size: 1.70 MB

Asianux Server 4 for x86
  1. freetype-2.3.11-19.AXS4.i686.rpm
    MD5: 0bf06ab1ea7dc845bea101dbf8b40d86
    SHA-256: c927641352e17c41195cbcacf4f067dd8a0b4c43cffae643a80d17b1f3dbe6e1
    Size: 364.82 kB
  2. freetype-devel-2.3.11-19.AXS4.i686.rpm
    MD5: 393349b659b9819e0c1a42ccbf47a8eb
    SHA-256: 1c6bd53b1b0a4ffd24dd99f4274014deb4ab311c1faca27e5e545f8d6a8561c0
    Size: 365.08 kB

Asianux Server 4 for x86_64
  1. freetype-2.3.11-19.AXS4.x86_64.rpm
    MD5: fdf5319f85c17ae059c5e6145b84e521
    SHA-256: f7ce1989833609bf54449482dea8223208d69bcbbe96b52d0fa5219402811ae8
    Size: 360.25 kB
  2. freetype-devel-2.3.11-19.AXS4.x86_64.rpm
    MD5: b0fb2c10d608c9092c56078622d69e52
    SHA-256: aabbf2f0f89471b2fb29e6b28743e5a5a07d8d68777284e714be0119336c6f16
    Size: 364.66 kB
  3. freetype-2.3.11-19.AXS4.i686.rpm
    MD5: 0bf06ab1ea7dc845bea101dbf8b40d86
    SHA-256: c927641352e17c41195cbcacf4f067dd8a0b4c43cffae643a80d17b1f3dbe6e1
    Size: 364.82 kB
  4. freetype-devel-2.3.11-19.AXS4.i686.rpm
    MD5: 393349b659b9819e0c1a42ccbf47a8eb
    SHA-256: 1c6bd53b1b0a4ffd24dd99f4274014deb4ab311c1faca27e5e545f8d6a8561c0
    Size: 365.08 kB
Copyright© 2007-2015 Asianux. All rights reserved.