Advisories » MGASA-2014-0526

Updated freetype2 packages fix security vulnerability

Publication date: 13 Dec 2014
Modification date: 13 Dec 2014
Type: security
Affected Mageia releases : 4

Description

Updated freetype2 packages fix security vulnerability:

It was reported that Freetype before 2.5.4 suffers from an out-of-bounds
stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing
code, which could lead to a buffer overflow.  This is due to an incomplete
fix for CVE-2014-2240.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14771
• http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/
• http://advisories.mageia.org/MGASA-2014-0130.html

SRPMS

4/tainted

• freetype2-2.5.0.1-3.2.mga4.tainted

4/core

• freetype2-2.5.0.1-3.2.mga4