mingw-freetype-2.8-3.el8_10.1
Errata ID: AXSA:2025-9969:01
MinGW Windows Freetype library.
Security Fix(es):
- freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363)
- libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
- libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
- libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)
- libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
- libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907)
- libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c (CVE-2025-32909)
- libsoup: Null pointer dereference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication (CVE-2025-32910)
- libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
- libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2025-27363
CVE-2025-32050
CVE-2025-32052
CVE-2025-32053
CVE-2025-32906
CVE-2025-32907
CVE-2025-32909
CVE-2025-32910
CVE-2025-32911
CVE-2025-32913
Update packages.
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
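The conversion flaw described for CVE-2025-27363, shown as an added example that is not FreeType's code: an unchecked signed-to-unsigned size computation beside a validated one. The constant EXTRA_SLOTS and all function names are hypothetical stand-ins for the "static value" and the parser logic the advisory mentions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the "static value" in the advisory. */
#define EXTRA_SLOTS 4UL
/* The advisory states that up to 6 long integers are written. */
#define FIXED_WRITES 6UL

/* Flawed pattern: a signed 16-bit count read from the file is converted
   directly to unsigned long. A negative count sign-extends to a huge
   value, and adding the constant wraps it around to a small number. */
unsigned long slots_unchecked(int16_t count_from_file)
{
    unsigned long n = (unsigned long)count_from_file; /* -1 -> ULONG_MAX */
    return n + EXTRA_SLOTS;                           /* wraps around */
}

/* Returns 1 if a buffer of `slots` elements can hold `writes` stores. */
int writes_fit(unsigned long slots, unsigned long writes)
{
    return writes <= slots;
}

/* Hardened pattern: reject negative counts while still in the signed
   domain, then check the byte-size multiplication for overflow.
   Returns 0 and sets *bytes_out on success, -1 on malformed input. */
int slots_checked(int16_t count_from_file, size_t elem_size, size_t *bytes_out)
{
    if (count_from_file < 0)
        return -1;
    size_t n = (size_t)count_from_file + EXTRA_SLOTS;
    if (elem_size == 0 || n > SIZE_MAX / elem_size)
        return -1;
    *bytes_out = n * elem_size;
    return 0;
}

int main(void)
{
    size_t bytes = 0;
    unsigned long bad = slots_unchecked(-1);
    printf("unchecked slots for -1: %lu, 6 writes fit: %d\n",
           bad, writes_fit(bad, FIXED_WRITES));
    printf("checked result for -1: %d\n",
           slots_checked(-1, sizeof(long), &bytes));
    return 0;
}
```
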
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
N/A
SRPMS
- mingw-freetype-2.8-3.el8_10.1.src.rpm
MD5: 196e20fa03e39135fe37b246c9f52eae
SHA-256: 464264f714e46d21e5efb2c3ce293c9d1e1b968ea354b87c7f711efd4de23aa3
Size: 1.81 MB
Asianux Server 8 for x86_64
- mingw32-freetype-2.8-3.el8_10.1.noarch.rpm
MD5: f2c6c350c10ccab84ea509598fb03aa9
SHA-256: d43d1a7e0adaf3f6cde7ca6ebdefd2ae77dcc9c2964058bca1a3a4814f7237f5
Size: 477.00 kB
- mingw32-freetype-static-2.8-3.el8_10.1.noarch.rpm
MD5: 3d3cbe2a27422d546ea676e3b449f935
SHA-256: 9466ca786ae59b0714d6626c7fa286cb37c1ad7609fb7c4d09bf2927f4eb5a6e
Size: 321.31 kB
- mingw64-freetype-2.8-3.el8_10.1.noarch.rpm
MD5: 1a3484315544b887755c0d1406531b97
SHA-256: 043bce7a311210297ef3e9d1f41128cef38d9db9b499e96a11331e0f368679b9
Size: 487.61 kB
- mingw64-freetype-static-2.8-3.el8_10.1.noarch.rpm
MD5: f182d9810479ced71210c9d857092b4e
SHA-256: 721e01e96bac0da2a0c99c435de7003c5b51af75451f87ae06933ca7760f634d
Size: 342.10 kB