freetype-2.8-14.el7.1

エラータID: AXSA:2020-868:01

Release date: 
Saturday, November 7, 2020 - 12:29
Subject: 
freetype-2.8-14.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Solution: 

Update packages.

CVEs: 
CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Additional Info: 

N/A

Download: 

SRPMS
  1. freetype-2.8-14.el7.1.src.rpm
    MD5: 69645a43f5e3d65d3bc6b37b2bc5185d
    SHA-256: eb88b6004a63b50fcfead650fc613e1563bb4c7fac571609dc838c0216989cdd
    Size: 4.08 MB

Asianux Server 7 for x86_64
  1. freetype-2.8-14.el7.1.x86_64.rpm
    MD5: 5b24eb45c5dddadf5871691f5fd8b962
    SHA-256: 4d18a08792852bed85b42a1144d5eb417d3cf1f9cf75eda0a0da9482304a5246
    Size: 379.15 kB
  2. freetype-devel-2.8-14.el7.1.x86_64.rpm
    MD5: 25ee2c394e5bc2b31d5d7658982fbc2b
    SHA-256: 709f0a425457dd2d6563f9a16d6cb3fc468a0b98b91cba9370fe72b1979b2780
    Size: 445.86 kB
  3. freetype-2.8-14.el7.1.i686.rpm
    MD5: 599fdf14044afa7579bc7e5cb374bfc0
    SHA-256: 97838317e6f428e5451cc6be0afc5a37375785061921154298aec02342c19527
    Size: 376.48 kB
  4. freetype-devel-2.8-14.el7.1.i686.rpm
    MD5: bf08909b2c3153b94b68fe18897aaa3c
    SHA-256: f3fc528f22f8901f993b76155f592a55733e4c549e95e8926d412ca23517a74b
    Size: 445.90 kB