| Summary: | fontforge new security issues CVE-2020-5395 and CVE-2020-5496 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | fontforge-20190413-1.mga7.src.rpm | CVE: | CVE-2020-5395, CVE-2020-5496 |
| Status comment: | |||
|
Description
David Walser
2020-01-16 23:59:59 CET
David Walser
2020-01-17 00:00:11 CET
Whiteboard:
(none) =>
MGA7TOO Assigning globally as there is no obvious maintainer. Assignee:
bugsquad =>
pkg-bugs Suggested advisory: ======================== The updated packages fix security vulnerabilities: FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. (CVE-2020-5395) FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. (CVE-2020-5496) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5395 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5496 http://lists.suse.com/pipermail/sle-security-updates/2020-January/006374.html ======================== Updated packages in core/updates_testing: ======================== fontforge-20190413-1.1.mga7 lib(64)fontforge-devel-20190413-1.1.mga7 from SRPMS: fontforge-20190413-1.1.mga7.src.rpm Version:
Cauldron =>
7 Mageia7, x86_64 Installed the two packages. CVE-2020-5395 https://github.com/fontforge/fontforge/issues/4084 $ fontforge test01.sfd Copyright (c) 2000-2018 by George Williams. See AUTHORS for Contributors. [...] realloc(): invalid pointer Aborted (core dumped) CVE-2020-5496 https://github.com/fontforge/fontforge/issues/4085 $ fontforge -lang ff -c 'Open("test02.sfd"); Generate("test02.otf")' [...] Warning: Font contained no glyphs Number out of range: 2.14748e+09 in type2 output (must be [-65536,65535]) malloc(): invalid next size (unsorted) Aborted (core dumped) Updated fontforge packages. CVE-2020-5395 $ fontforge test01.sfd.gz [...] sh: /data/qa/fontforge/test01.sfd.gz: No such file or directory <Gui launches, accompanied by an error popup "Decompress Failed!"> On OK, a window comes up, displaying the .sfd and .otf files in the current directory. CVE-2020-5496 $ fontforge -lang ff -c 'Open("test02.sfd"); Generate("test02.otf")' [...] Warning: Font contained no glyphs Number out of range: 2.14748e+09 in type2 output (must be [-65536,65535]) <good result> So, both issues have been dealt with. In the absence of any font-building knowledge, I used this to display fonts only. $ fontforge -display :0 gunplay.ttf The Logo screen popped up for a second or two and the individual characters of the font were displayed in a separate window which also contained a menu for tools and options. The View option allows the user to magnify or diminish the displayed characters. Other fonts may be selected via the File option without removing the original window. Tried a few other TTF fonts - all OK. Also, other formats. $ fontforge vibro.pfb Showed Vibrocentric font OK. $ fontforge bchb.pfa Displays CharterBT-Bold. This all looks good so far. CC:
(none) =>
tarazed25 Validating. Advisory in Comment 2. CC:
(none) =>
andrewsfarm, sysadmin-bugs openSUSE has issued an advisory for this on January 22: https://lists.opensuse.org/opensuse-updates/2020-01/msg00090.html (I'd use that in the advisory instead of the SUSE one, not that it matters much) Heeded the note above for the advisory. Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0057.html Resolution:
(none) =>
FIXED |