stable

freetype-2.5.3-15.fc21

FEDORA-2015-2237 created by mkasik 9 years ago for Fedora 21

This update fixes several security issues.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-2237

This update has been submitted for testing by mkasik.

9 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/38303/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/38310/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

9 years ago

This update has been pushed to testing

9 years ago
hreindl commented & provided feedback 9 years ago

works for me

Critical path update approved

9 years ago
nonamedotc commented & provided feedback 9 years ago

no font breakages noticed

yuwata commented & provided feedback 9 years ago

Works for me

This update has reached the stable karma threshold and will be pushed to the stable updates repository

9 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/39151/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

9 years ago

This update has been pushed to stable

9 years ago


Metadata
Type: security
Karma: 3
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 9 years ago
in testing: 9 years ago
in stable: 9 years ago
BZ#1191078 CVE-2014-9656 freetype: integer underflow in the tt_sbit_decoder_load_image()
BZ#1191079 CVE-2014-9657 freetype: off-by-one buffer over-read in tt_face_load_hdmx()
BZ#1191080 CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
BZ#1191081 CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
BZ#1191082 CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
BZ#1191083 CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
BZ#1191084 CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
BZ#1191085 CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
BZ#1191086 CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
BZ#1191087 CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
BZ#1191089 CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
BZ#1191090 CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
BZ#1191091 CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
BZ#1191092 CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
BZ#1191093 CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c
BZ#1191099 CVE-2014-9656 CVE-2014-9657 CVE-2014-9661 CVE-2014-9660 CVE-2014-9667 CVE-2014-9666 CVE-2014-9665 CVE-2014-9664 CVE-2014-9669 CVE-2014-9668 CVE-2014-9662 CVE-2014-9658 CVE-2014-9659 CVE-2014-9663 CVE-2014-9670 freetype: various flaws [fedora-all]
BZ#1191190 CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
BZ#1191191 CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c [fedora-all]
BZ#1191192 CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
BZ#1191193 CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font [fedora-all]
