freetype-2.10.4-9.el9

エラータID: AXSA:2022-4561:02

Release date: 
Tuesday, December 27, 2022 - 09:03
Subject: 
freetype-2.10.4-9.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

* FreeType: Buffer overflow in sfnt_init_face (CVE-2022-27404)
* FreeType: Segmentation violation via FNT_Size_Request (CVE-2022-27405)
* Freetype: Segmentation violation via FT_Request_Size (CVE-2022-27406)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.1 Release Notes linked from the References section.

CVE-2022-27404
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
CVE-2022-27405
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2022-27406
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

Solution: 

Update packages.

CVEs: 
CVE-2022-27404
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
CVE-2022-27405
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2022-27406
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
Additional Info: 

N/A

Download: 

SRPMS
  1. freetype-2.10.4-9.el9.src.rpm
    MD5: 0190c40b537af5ec59d6d2f6d212a589
    SHA-256: e7c7944038d82c57383cc83de61309608cca271cf3c800eb2f4e26aa4dcf2ef3
    Size: 4.54 MB

Asianux Server 9 for x86_64
  1. freetype-2.10.4-9.el9.x86_64.rpm
    MD5: defb9ee1f404345ea5c3b4df14706788
    SHA-256: f14113c3d64efdd65eecd82eded3eebfda50fa797c6abc7b1384bda60b11bc20
    Size: 387.02 kB
  2. freetype-devel-2.10.4-9.el9.x86_64.rpm
    MD5: 2d8bcb7d6ff22827e70cc078ebe1c2fe
    SHA-256: d8f10bb8374be6292cdd4d0da32db45648a7d09180e9867f41056eb4254dff82
    Size: 1.05 MB
  3. freetype-2.10.4-9.el9.i686.rpm
    MD5: ace56a59f15595ee713ebc50c4b5edfb
    SHA-256: fd2098d54d5eab97c0d7b7d5dca76fcc0e663b8f2697c546a930de566230ad3a
    Size: 395.44 kB
  4. freetype-devel-2.10.4-9.el9.i686.rpm
    MD5: 32259f7409c4e272e03f7aa346760e9d
    SHA-256: cfc6bd85de2e173a98290810bf7fc7069274fc81603a66ee687b84a0f4d823b3
    Size: 1.06 MB