freetype-2.9.1-4.el8.1

エラータID: AXSA:2021-1386:01

Release date: 
Thursday, February 4, 2021 - 09:42
Subject: 
freetype-2.9.1-4.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Solution: 

Update packages.

CVEs: 
CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Additional Info: 

N/A

Download: 

SRPMS
  1. freetype-2.9.1-4.el8.1.src.rpm
    MD5: 75367a125d4b1bcfe9e5d350eabc709d
    SHA-256: 8abfe52687297e544f3fbb4b99cdfd7002efd634c5ec35e4b2a1cde34002c557
    Size: 4.14 MB

Asianux Server 8 for x86_64
  1. freetype-2.9.1-4.el8.1.x86_64.rpm
    MD5: b138ba04b6e87154a31160ea913ad486
    SHA-256: 670d7c5480d0442032bc1dc46d7a7fa9207941f0aac6540337c9179befac6938
    Size: 392.48 kB
  2. freetype-devel-2.9.1-4.el8.1.x86_64.rpm
    MD5: ca1423cd7403c27c56ea09b2ab49b835
    SHA-256: 25b2b0e6bfdc87385d1b99006730aa2e955824efcad5f7fc1fd975569c86a920
    Size: 463.06 kB
  3. freetype-2.9.1-4.el8.1.i686.rpm
    MD5: 05d80d1a2e4f0d6006608c469c4d47d3
    SHA-256: 6c45bbc66354ccffc812cf8265f01e9b4621bda31a7a05fbcf31f33b42d77dbd
    Size: 410.09 kB
  4. freetype-devel-2.9.1-4.el8.1.i686.rpm
    MD5: 6cc4af09b2186b50d69e3bb1739b7101
    SHA-256: a526d60673d6389d2653270a2d2c49e8daae54b13c0fb939900f1aa704192462
    Size: 463.08 kB