SUSE-RU-2015:1021-1

Published: 09 Jun 2015
Source: suse-cvrf

Description

Recommended update for freetype2

This update for freetype2 adjusts the patch that fixed CVE-2014-9671 for better backwards compatibility.

As the PCF format doesn't have an official specification, we have to exactly follow X11's pcfWriteFont and pcfReadFont functions' behavior.

Package list

SUSE Linux Enterprise Desktop 11 SP3
freetype2-2.3.7-25.35.36.1
freetype2-32bit-2.3.7-25.35.36.1
ft2demos-2.3.7-25.35.36.1
SUSE Linux Enterprise Server 11 SP3
freetype2-2.3.7-25.35.36.1
freetype2-32bit-2.3.7-25.35.36.1
freetype2-x86-2.3.7-25.35.36.1
ft2demos-2.3.7-25.35.36.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
freetype2-2.3.7-25.35.36.1
freetype2-32bit-2.3.7-25.35.36.1
freetype2-x86-2.3.7-25.35.36.1
ft2demos-2.3.7-25.35.36.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
freetype2-2.3.7-25.35.36.1
freetype2-32bit-2.3.7-25.35.36.1
freetype2-x86-2.3.7-25.35.36.1
ft2demos-2.3.7-25.35.36.1
SUSE Linux Enterprise Software Development Kit 11 SP3
freetype2-devel-2.3.7-25.35.36.1
freetype2-devel-32bit-2.3.7-25.35.36.1

Description

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:freetype2-2.3.7-25.35.36.1
SUSE Linux Enterprise Desktop 11 SP3:freetype2-32bit-2.3.7-25.35.36.1
SUSE Linux Enterprise Desktop 11 SP3:ft2demos-2.3.7-25.35.36.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:freetype2-2.3.7-25.35.36.1

References