Stay Connected:

OVMSA-2015-0036

OVMSA-2015-0036 - freetype security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2015-03-18

Description


[2.3.11-15.el6_6.1]
- Fixes CVE-2014-9657
- Check minimum size of record_size.
- Fixes CVE-2014-9658
- Use correct value for minimum table length test.
- Fixes CVE-2014-9675
- New macro that checks one character more than strncmp.
- Fixes CVE-2014-9660
- Check _BDF_GLYPH_BITS.
- Fixes CVE-2014-9661
- Initialize face->ttf_size.
- Always set face->ttf_size directly.
- Exclusively use the truetype font driver for loading
the font contained in the sfnts array.
- Fixes CVE-2014-9663
- Fix order of validity tests.
- Fixes CVE-2014-9664
- Add another boundary testing.
- Fix boundary testing.
- Fixes CVE-2014-9667
- Protect against addition overflow.
- Fixes CVE-2014-9669
- Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
- Add sanity checks for row and column values.
- Fixes CVE-2014-9671
- Check size and offset values.
- Fixes CVE-2014-9673
- Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
- Fix integer overflow by a broken POST table in resource-fork.
- Additional overflow check in the summation of POST fragment lengths.
- Work around behaviour of X11s pcfWriteFont and pcfReadFont functions
- Resolves: #1197737

[2.3.11-15]
- Fix CVE-2012-5669
(Use correct array size for checking glyph_enc)
- Resolves: #903543


Related CVEs


CVE-2014-9657
CVE-2014-9658
CVE-2014-9660
CVE-2014-9661
CVE-2014-9663
CVE-2014-9664
CVE-2014-9667
CVE-2014-9669
CVE-2014-9670
CVE-2014-9671
CVE-2014-9673
CVE-2014-9674
CVE-2014-9675

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.3 (x86_64) freetype-2.3.11-15.el6_6.1.src.rpm7227331a451e5b7afdd5b4b2ea74d0a6OVMSA-2020-0001
freetype-2.3.11-15.el6_6.1.x86_64.rpm543a3d41a1f3b45b9b928cbe09260f41OVMSA-2020-0001
Oracle VM 3.4 (x86_64) freetype-2.3.11-15.el6_6.1.src.rpm7227331a451e5b7afdd5b4b2ea74d0a6OVMSA-2020-0001
freetype-2.3.11-15.el6_6.1.x86_64.rpm543a3d41a1f3b45b9b928cbe09260f41OVMSA-2020-0001



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights