Описание
Recommended update for freetype2
This update of freetype2 fixes a regression introduced by the security fix for CVE-2014-9671.
This is not itself a security issue, it just improves on a previous one.
This update is needed for LSB 5 fontconfig usage.
Список пакетов
SUSE Linux Enterprise Desktop 12
ft2demos-2.5.5-7.5.1
libfreetype6-2.5.5-7.5.1
libfreetype6-32bit-2.5.5-7.5.1
SUSE Linux Enterprise Server 12
ft2demos-2.5.5-7.5.1
libfreetype6-2.5.5-7.5.1
libfreetype6-32bit-2.5.5-7.5.1
SUSE Linux Enterprise Server for SAP Applications 12
ft2demos-2.5.5-7.5.1
libfreetype6-2.5.5-7.5.1
libfreetype6-32bit-2.5.5-7.5.1
SUSE Linux Enterprise Software Development Kit 12
freetype2-devel-2.5.5-7.5.1
Ссылки
- Link for SUSE-RU-2015:1239-1
- E-Mail link for SUSE-RU-2015:1239-1
- SUSE Security Ratings
- SUSE Bug 933247
- SUSE CVE CVE-2014-9671 page
Описание
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:ft2demos-2.5.5-7.5.1
SUSE Linux Enterprise Desktop 12:libfreetype6-2.5.5-7.5.1
SUSE Linux Enterprise Desktop 12:libfreetype6-32bit-2.5.5-7.5.1
SUSE Linux Enterprise Server 12:ft2demos-2.5.5-7.5.1
Ссылки
- CVE-2014-9671
- SUSE Bug 916872
- SUSE Bug 933247