Fedora has issued an advisory on March 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QNCBS6GMBNC7CEMRVOAYD7YHSVV6OHSU/

The upstream commit that fixed the issue is linked from the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1429965

The fix was likely included in the 2.7.0 or 2.7.1 release.
Assigning to package maintainer. I may have a look at it myself in the evening if Shlomi doesn't beat me to it.
Assignee: bugsquad => shlomif
Submitted freetype2-2.5.4-2.1.mga5 to {core,tainted}/updates_testing with the upstream patch.

Advisory:
=========

Updated freetype2 packages fix security vulnerability

The parse_charstrings function in type1/t1load.c in FreeType 2 did not ensure that a font contains a glyph name, which could allow remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file (CVE-2016-10244).

References:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39

RPMs in {core,tainted}/updates_testing:
=======================================
lib{,64}freetype6-2.5.4-2.1.mga5{,.tainted}
lib{,64}freetype6-devel-2.5.4-2.1.mga5{,.tainted}
lib{,64}freetype6-static-devel-2.5.4-2.1.mga5{,.tainted}
freetype2-demos-2.5.4-2.1.mga5{,.tainted}

SRPMs:
======
core/updates_testing:
freetype2-2.5.4-2.1.mga5
tainted/updates_testing:
freetype2-2.5.4-2.1.mga5.tainted
Assignee: shlomif => qa-bugs
Prior to testing
----------------
Testing ideas: https://bugs.mageia.org/show_bug.cgi?id=16739

freetype2-demos:
"The demos package includes a set of useful small utilities showing various capabilities of the FreeType library:"

/usr/bin/ftbench    run FreeType benchmarks
/usr/bin/ftdiff     compare font hinting modes
/usr/bin/ftdump     simple font dumper
/usr/bin/ftgamma    ?
/usr/bin/ftgrid     simple glyph grid viewer
/usr/bin/ftlint     simple font tester
/usr/bin/ftmulti    multiple masters font viewer
/usr/bin/ftstring   string viewer
/usr/bin/ftvalid    layout table validator
/usr/bin/ftview     simple glyph viewer

Fonts are in /usr/share/fonts/...
A few likely subdirectories from many more:-
├── default
│   ├── ghostscript
│   └── Type1
├── gnu-free [ttf]
├── ttf
│   └── western
└── Type1

x64: Too late for me to test this now, will return tomorrow morning.
CC: (none) => lewyssmith
Testing M5_84

I could not get some commands to work (notably ftlint), not sure whether they are Type1/ttf specific, or what exact parameter to give. Where fonts have 2-3 component files, you have to find the correct one to give to commands. Some commands require a 'points' parameter, suggested 72.

BEFORE update:

1. $ ftbench default/ghostscript/bchb.pfa
ftbench results for font `default/ghostscript/bchb.pfa'
-------------------------------------------------------
family: Bitstream Charter
style: Bold
number of seconds for each test: 2.000000
...
executing tests:
Load 39.436 us/op
...
Get_BBox 3.984 us/op

2. $ ftdump default/Type1/z003034l.pfb
There is 1 face in this file.
----- Face number: 0 -----
font name entries
family: URW Chancery L
style: Medium Italic
postscript: URWChanceryL-MediItal
font type entries
FreeType driver: type1
...
glyph count: 503
charmaps
0: platform 3, encoding 1 language 0 (active)
1: platform 7, encoding 0 language 0

3. $ ftgrid 72 gnu-free/FreeMono.ttf
ptsize =72
Execution completed successfully.
This opens a window with a detailed graphic view of each glyph, advance with arrow keys.

4. $ ftvalid ttf/western/Adventure.ttf
FT_OpenType_Validate is disabled!
Recompile FreeType 2 with otvalid module enabled.
error = 0x0007

5. $ ftstring 72 Type1/c0419bt_.pfb
Execution completed successfully.
This displays the "quick brown fox..." string in a window, which you can rotate and resize with the arrow keys.

6. $ ftview 72 ttf/western/Adventure.ttf
Execution completed successfully.
Fails = 0
Displays a complete character set in a window; use arrow keys to advance and change the font size.
AFTER the update:
freetype2-demos-2.5.4-2.1.mga5.tainted
lib64freetype6-2.5.4-2.1.mga5.tainted
lib64freetype6-devel-2.5.4-2.1.mga5.tainted

Confused by the presence also of 'lib64freetype2-1.3.1-45.mga5.tainted', but strace of a test showed:
open("/usr/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 3
[and 'not found' for other paths: /usr/lib64/tls/x86_64/, /usr/lib64/tls/, /usr/lib64/x86_64].
Unsure of the validity of just the 'tainted' version employed. Assuming this OK.

Ran the 6 tests noted above, with identical results to previously.
Additionally viewed several PDF documents with different viewers; and a sizeable ODT document with LibreOffice Writer, changing fonts & font size. All looks OK.
Whiteboard: (none) => MGA5-64-OK
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
On i586, just testing that the update installs cleanly, and ftview 18 /usr/share/fonts/Type1/l049036t.pfa works. Validating the update.
Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK advisory => MGA5-64-OK advisory MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0085.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED