Advisories » MGASA-2015-0367

Updated freetype2 packages fix security vulnerabilities

Publication date: 13 Sep 2015
Modification date: 13 Sep 2015
Type: security
Affected Mageia releases : 4

Description

Updated freetype2 packages fix security vulnerabilities:

It was discovered that FreeType did not correctly handle certain malformed
font files. If a user were tricked into using a specially crafted font
file, a remote attacker could cause FreeType to crash or hang, resulting in
a denial of service, or possibly expose uninitialized memory
(Savannah bugs 41309 and 41590).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16739
• http://www.ubuntu.com/usn/usn-2739-1/
• https://savannah.nongnu.org/bugs/?41309
• https://savannah.nongnu.org/bugs/index.php?41590
• http://openwall.com/lists/oss-security/2015/09/11/4

SRPMS

4/core

• freetype2-2.5.0.1-3.4.mga4

4/tainted

• freetype2-2.5.0.1-3.4.mga4.tainted