Description
Security update for freetype2
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465).
Package list
Container bci/kiwi:latest
libfreetype6-2.10.4-150000.4.18.1
Container bci/openjdk-devel:17
libfreetype6-2.10.4-150000.4.18.1
Container bci/openjdk-devel:latest
libfreetype6-2.10.4-150000.4.18.1
Container bci/openjdk:17
libfreetype6-2.10.4-150000.4.18.1
Container bci/openjdk:latest
libfreetype6-2.10.4-150000.4.18.1
Container containers/open-webui:0
libfreetype6-2.10.4-150000.4.18.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libfreetype6-2.10.4-150000.4.18.1
Container suse/nginx:latest
libfreetype6-2.10.4-150000.4.18.1
Container suse/sle-micro-rancher/5.2:latest
libfreetype6-2.10.4-150000.4.18.1
Container suse/sle-micro-rancher/5.3:latest
libfreetype6-2.10.4-150000.4.18.1
Container suse/sle-micro-rancher/5.4:latest
libfreetype6-2.10.4-150000.4.18.1
Container suse/sle-micro/base-5.5:latest
libfreetype6-2.10.4-150000.4.18.1
Image SLES15-SP6
libfreetype6-2.10.4-150000.4.18.1
Image SLES15-SP6-Azure-3P
libfreetype6-2.10.4-150000.4.18.1
Image SLES15-SP6-SAP-Azure-3P
libfreetype6-2.10.4-150000.4.18.1
SUSE Enterprise Storage 7.1
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise Micro 5.1
libfreetype6-2.10.4-150000.4.18.1
SUSE Linux Enterprise Micro 5.2
libfreetype6-2.10.4-150000.4.18.1
SUSE Linux Enterprise Micro 5.3
libfreetype6-2.10.4-150000.4.18.1
SUSE Linux Enterprise Micro 5.4
libfreetype6-2.10.4-150000.4.18.1
SUSE Linux Enterprise Micro 5.5
libfreetype6-2.10.4-150000.4.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
freetype2-devel-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
ftdump-2.10.4-150000.4.18.1
SUSE Linux Enterprise Server 15 SP3-LTSS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise Server 15 SP4-LTSS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise Server 15 SP5-LTSS
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
freetype2-devel-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Manager Proxy 4.3
freetype2-devel-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
SUSE Manager Server 4.3
freetype2-devel-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
openSUSE Leap 15.6
freetype2-devel-2.10.4-150000.4.18.1
freetype2-devel-32bit-2.10.4-150000.4.18.1
freetype2-profile-tti35-2.10.4-150000.4.18.1
ft2demos-2.10.4-150000.4.18.1
ftbench-2.10.4-150000.4.18.1
ftdiff-2.10.4-150000.4.18.1
ftdump-2.10.4-150000.4.18.1
ftgamma-2.10.4-150000.4.18.1
ftgrid-2.10.4-150000.4.18.1
ftinspect-2.10.4-150000.4.18.1
ftlint-2.10.4-150000.4.18.1
ftmulti-2.10.4-150000.4.18.1
ftstring-2.10.4-150000.4.18.1
ftvalid-2.10.4-150000.4.18.1
ftview-2.10.4-150000.4.18.1
libfreetype6-2.10.4-150000.4.18.1
libfreetype6-32bit-2.10.4-150000.4.18.1
References
- Link for SUSE-SU-2025:0998-1
- E-Mail link for SUSE-SU-2025:0998-1
- SUSE Security Ratings
- SUSE Bug 1239465
- SUSE CVE CVE-2025-27363 page
Description
An out-of-bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing the result to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
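The integer conversion the description above refers to, as an added example that is not FreeType's own code: a constructed model of a signed short count widened to unsigned long and offset by a fixed amount, next to a checked version that validates the count before it sizes the buffer. FIXED_LONGS, MAX_SUBGLYPHS and the function names are assumptions for illustration.

```c
#include <stdlib.h>

/* Constructed constants, not FreeType's own: the fixed number of longs the
 * parser writes before the per-subglyph data, and a sanity cap on the count. */
#define FIXED_LONGS   6UL
#define MAX_SUBGLYPHS 1000UL

/* The pattern the CVE text describes: a signed short count is assigned to an
 * unsigned long and a fixed amount is added. A negative count first becomes
 * a value near ULONG_MAX, and the addition then wraps to a small number. */
unsigned long vulnerable_elem_count(short count)
{
    unsigned long n = count;   /* -6 becomes ULONG_MAX - 5 */
    n += FIXED_LONGS;          /* wraps: (ULONG_MAX - 5) + 6 == 0 */
    return n;                  /* the heap buffer is sized for n longs */
}

/* How many of the FIXED_LONGS writes would land past the end of a buffer
 * holding `elems` longs. Computed arithmetically, so nothing is actually
 * written out of bounds here. */
unsigned long longs_out_of_bounds(unsigned long elems)
{
    return elems < FIXED_LONGS ? FIXED_LONGS - elems : 0;
}

/* Hardened version: validate the signed count before it is widened, and
 * cap it so the size arithmetic cannot wrap. Returns 1 on success, 0 on rejection. */
int checked_elem_count(short count, unsigned long *out)
{
    if (count < 0)
        return 0;                      /* negative count: malformed font */
    if ((unsigned long)count > MAX_SUBGLYPHS)
        return 0;                      /* implausibly large: reject */
    *out = (unsigned long)count + FIXED_LONGS;
    return 1;
}

/* Allocate with the checked size; returns NULL for any rejected count. */
long *alloc_subglyph_table(short count, unsigned long *elems_out)
{
    unsigned long elems;
    if (!checked_elem_count(count, &elems))
        return NULL;
    *elems_out = elems;
    return calloc(elems, sizeof(long));
}
```

With a count of -6 the unchecked arithmetic yields a zero-element buffer, so all 6 fixed longs fall outside it, which matches the "up to 6 signed long integers" in the description.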
Affected products
Container bci/kiwi:latest:libfreetype6-2.10.4-150000.4.18.1
Container bci/openjdk-devel:17:libfreetype6-2.10.4-150000.4.18.1
Container bci/openjdk-devel:latest:libfreetype6-2.10.4-150000.4.18.1
Container bci/openjdk:17:libfreetype6-2.10.4-150000.4.18.1
References
- CVE-2025-27363
- SUSE Bug 1239465