Ubuntu has issued an advisory on September 10:
http://www.ubuntu.com/usn/usn-2739-1/

CVE request:
http://openwall.com/lists/oss-security/2015/09/11/4

The issues were fixed upstream early last year, so Mageia 5 is not affected.

Patched package uploaded for Mageia 4.

Note that there are core and tainted builds for this package.

Advisory:
========================

Updated freetype2 packages fix security vulnerabilities:

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory (Savannah bugs 41309 and 41590).

References:
http://www.ubuntu.com/usn/usn-2739-1/
https://savannah.nongnu.org/bugs/?41309
https://savannah.nongnu.org/bugs/index.php?41590
http://openwall.com/lists/oss-security/2015/09/11/4
========================

Updated packages in {core,tainted}/updates_testing:
========================
libfreetype6-2.5.0.1-3.4.mga4
libfreetype6-devel-2.5.0.1-3.4.mga4
libfreetype6-static-devel-2.5.0.1-3.4.mga4
freetype2-demos-2.5.0.1-3.4.mga4

from freetype2-2.5.0.1-3.4.mga4.src.rpm
General tests: https://bugs.mageia.org/show_bug.cgi?id=8497#c7 https://bugs.mageia.org/show_bug.cgi?id=14771
Whiteboard: (none) => has_procedure
Trying this in mga4 x86_64 virtualbox. Could not find the POC files referred to elsewhere so installed the rpms from core updates testing and tried out a few commands involving fonts. LibreOffice Writer and xpdf functioned normally with several changes of font in the former. Ran ftbench, ftview and ftstring on some system TTF fonts and those behaved normally. I have no idea if these tests are sufficient. Tainted updates next, then i586....
CC: (none) => tarazed25
Installed available packages from tainted updates testing:
lib64freetype6-2.5.0.1-3.4.mga4.tainted.x86_64
lib64freetype6-static-devel-2.5.0.1-3.4.mga4.tainted.x86_64
lib64freetype6-devel-2.5.0.1-3.4.mga4.tainted.x86_64
freetype2-demos-2.5.0.1-3.4.mga4.tainted.x86_64

ftbench, ftview, ftstring tested with same TTF font files as in comment 2. These returned the same results. xpdf and libreoffice also worked fine.

Will give this a pass if somebody could agree that the tests are sufficient.
Looks good Len
64bit OK then. Leaving 32bit until tomorrow.
Whiteboard: has_procedure => has_procedure MGA4-64-OK
Testing in mga4 i586 virtualbox

Installed these from core updates testing:
libfreetype6-static-devel-2.5.0.1-3.4.mga4.i586
libfreetype6-devel-2.5.0.1-3.4.mga4.i586
libfreetype6-2.5.0.1-3.4.mga4.i586
freetype2-demos-2.5.0.1-3.4.mga4.i586

[lcl@alcor ~]$ ftbench /usr/share/fonts/ttf/western/Bluehigh.ttf
Load                      : 2.248 us/op
Load_Advances (Normal)    : 2.232 us/op
Load_Advances (Fast)      : 0.018 us/op
Render                    : 1.900 us/op
Get_Glyph                 : 0.541 us/op
Get_CBox                  : 0.241 us/op
Get_Char_Index            : 0.018 us/op
Iterate CMap              : 2.011 us/op
New_Face                  : 10.038 us/op
Embolden                  : 0.145 us/op
Get_BBox                  : 0.486 us/op

[lcl@alcor ~]$ ftview 22 /usr/share/fonts/default/ghostscript/VikingStencil.pfb
This returned detailed information about the font and example text.

[lcl@alcor ~]$ ftstring 19 /usr/share/fonts/default/Type1/n019043l.pfb
produced the "quick brown fox" message in the selected font.
mga4 i586 in virtualbox

Enabled tainted updates testing and installed the four packages as before. All three freetype demos tests matched the previous results. xpdf worked fine and LibreOffice Writer handled font selections without any trouble.

Looks like this is good to go for Mageia 4.
Whiteboard: has_procedure MGA4-64-OK => has_procedure MGA4-64-OK MGA4-32-OK
Could someone please push this to Mageia 4 updates. Thanks.
(In reply to Len Lawrence from comment #8)
> Could someone please push this to Mageia 4 updates. Thanks.

Please add the validated_updates keyword Len. Thanks.
(In reply to David Walser from comment #9)
> (In reply to Len Lawrence from comment #8)
> > Could someone please push this to Mageia 4 updates. Thanks.
>
> Please add the validated_updates keyword Len. Thanks.

Oops, validate_update.
(In reply to David Walser from comment #10)
> (In reply to David Walser from comment #9)
> > Please add the validated_updates keyword Len. Thanks.
>
> Oops, validate_update.

validated_update, even :)
Whiteboard: has_procedure MGA4-64-OK MGA4-32-OK => has_procedure MGA4-64-OK MGA4-32-OK validate-update
I must have been sleeping; never seen that one before ;)
(In reply to Len Lawrence from comment #12)
> I must have been sleeping; never seen that one before ;)

It's a keyword, not a whiteboard entry. I did it this time.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-64-OK MGA4-32-OK validate-update => has_procedure MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs
Advisory uploaded. Added tainted srpm. Please push to 4 updates. Thanks.
Whiteboard: has_procedure MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0367.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/657329/
CVE-2014-9745, CVE-2014-9746, CVE-2014-9747 assigned for this: http://openwall.com/lists/oss-security/2015/09/25/4
Summary: freetype2 new DoS security issues => freetype2 new DoS security issues (CVE-2014-974[5-7])