SUSE has issued an advisory on February 9: https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00014.html The SUSE bug with the link to the upstream commit that fixed it is here: https://bugzilla.suse.com/show_bug.cgi?id=1034178
Status comment: (none) => Upstream patch is available
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => shlomif
See the new freetype2 at http://pkgsubmit.mageia.org/ .
Thanks Shlomi! Please push to tainted as well once the build system allows you to. Saving advisory for when we get that pushed.

Advisory:
========================

Updated freetype2 packages fix security vulnerability:

FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c (CVE-2017-7864).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7864
https://bugzilla.suse.com/show_bug.cgi?id=1034178
========================

Updated packages in {core,tainted}/updates_testing:
========================

libfreetype6-2.7.1-2.1.mga6
libfreetype6-devel-2.7.1-2.1.mga6
libfreetype6-static-devel-2.7.1-2.1.mga6
freetype2-demos-2.7.1-2.1.mga6

from freetype2-2.7.1-2.1.mga6.src.rpm
@Shlomi, you seem to keep forgetting the "Cauldron first" when it comes to bug/security fixes... We need stuff fixed there first to ensure we keep the upgrade path and not regress on bug/security fixes... 2 days ago I had to sync the zlib fix to Cauldron as you had forgotten that too.
CC: (none) => tmb
Thomas, this bug doesn't apply to Cauldron. The upstream fix was already included in the 2.8.1 we have there. But yes in general, when things do apply there they should always be pushed there first.
Ah, my bad .. I just looked at pkgsubmit for a cauldron build of freetype2 :)
Core and tainted builds are now both available. Assigning to QA. Advisory and packages in Comment 3.
CC: (none) => shlomif
Assignee: shlomif => qa-bugs
Status comment: Upstream patch is available => (none)
Installed and tested without issues. Tested using firefox, okular, calibre, gimp, inkscape and chromium browser.

System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.18-desktop-1.mga6 #1 SMP Wed Feb 7 23:14:33 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep freetype | sort
lib64freetype6-2.7.1-2.1.mga6
lib64freetype6-devel-2.7.1-2.1.mga6
lib64freetype-gir2.0-1.52.1-1.mga6
libfreetype6-2.7.1-2.1.mga6
CC: (none) => mageia
Just a follow-up from comment 8 tests.

Mageia 6 :: x86_64

Updated from Core Updates Testing:
- freetype2-demos-2.7.1-2.1.mga6.x86_64
- lib64freetype-gir2.0-1.54.1-1.mga6.x86_64
- lib64freetype6-2.7.1-2.1.mga6.x86_64
- lib64freetype6-devel-2.7.1-2.1.mga6.x86_64
- lib64freetype6-static-devel-2.7.1-2.1.mga6.x86_64

Ran strace on drakfont while installing a TTF font, Apple_Garamond.

# cat trace0 | grep freetype
open("/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 8
open("/usr/lib64/libfreetype.so.6.13.0", O_RDONLY) = 8

[root@belexeuli lib64]# ls *freetype*
libfreetype.a  libfreetype.so@  libfreetype.so.6@  libfreetype.so.6.13.0*

Opened a document in LibreOffice and successfully changed the font of a paragraph to Apple Garamond.

Enabled Tainted Updates Testing and installed:
- freetype2-demos-2.7.1-2.1.mga6.tainted.x86_64
- lib64freetype6-2.7.1-2.1.mga6.tainted.x86_64
- lib64freetype6-devel-2.7.1-2.1.mga6.tainted.x86_64
- lib64freetype6-static-devel-2.7.1-2.1.mga6.tainted.x86_64

Ran a trace on drakfont while installing StandingRoomOnly.ttf.

# cat trace1 | grep freetype
open("/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 8
open("/usr/lib64/libfreetype.so.6.13.0", O_RDONLY) = 8

# rpm -qa | grep freetype
lib64freetype-gir2.0-1.54.1-1.mga6
lib64freetype6-static-devel-2.7.1-2.1.mga6.tainted
freetype2-demos-2.7.1-2.1.mga6.tainted
lib64freetype6-2.7.1-2.1.mga6.tainted
lib64freetype6-devel-2.7.1-2.1.mga6.tainted

Opened the previous document in LibreOffice and changed the font of another paragraph to StandingRoomOnly.

This, with the tests of comment 8, justifies a 64-bit OK.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
I have installed the freetype packages from the core updates testing repository. Is there any difference between the tainted and non tainted versions?
@PC LX I would imagine so - probably something to do with accommodating nonfree fonts. We need an expert.
freetype2 from the tainted repository. Ran another test to see if freetype2 is involved with Type1 font rendering as opposed to TTF, using a local utility to generate labels.

$ strace /home/lcl/bin/paddb 2> trace2

This created a file ~/tmp/abc-0.ps

$ gs abc-0.ps
GPL Ghostscript 9.22 (2017-10-04)
Copyright (C) 2017 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Loading SaddlebagRegularSWFTE font from /usr/share/fonts/default/ghostscript/Saddlebag.pfb... 4447172 2907352 4076224 2765155 3 done.
>>showpage, press <return> to continue<<

$ cat trace2 | grep freetype
open("/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 7

This indicates that freetype2 deals with Type1 fonts OK. Note that the pfb and afm files were generated from an original ttf using ttf2pt1.
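The strace checks in the two QA comments above (the drakfont and paddb traces) confirm that a freshly started process opens the updated libfreetype.so.6.13.0. They say nothing about processes that were already running when the RPM was installed: those keep the old, now-unlinked copy mapped and continue to execute the vulnerable tt_size_reset code until restarted. The script below is an added example for that complementary check; it is not from this bug report or from Mageia QA. It assumes a Linux /proc/<pid>/maps layout, where such mappings show the path with a " (deleted)" suffix, and uses a constructed maps excerpt as sample input; the library basename pattern and the sample paths are illustrative.

```shell
#!/bin/sh
# Added example (not from the Mageia thread): find processes that still map a
# removed copy of a shared library after a security update.
# Assumption: Linux, /proc/<pid>/maps readable for the processes of interest.

# Print the unique mapped file paths whose basename matches the regex $1,
# reading /proc/<pid>/maps-format lines from stdin. A " (deleted)" suffix is
# kept so callers can tell a stale mapping from a live one.
mapped_paths() {
    pattern="$1"
    # maps format: address perms offset dev inode pathname [ (deleted)]
    awk -v pat="$pattern" '
        NF >= 6 {
            path = $6
            for (i = 7; i <= NF; i++) path = path " " $i   # re-join "(deleted)"
            n = split(path, parts, "/")
            if (parts[n] ~ pat) seen[path] = 1
        }
        END { for (p in seen) print p }' | sort
}

# Print only those mappings of $1 that point at a file that no longer exists.
stale_paths() {
    mapped_paths "$1" | grep ' (deleted)$' || true
}

# Walk every process on the host and report "pid path" for stale mappings.
# Needs root to read other users' maps files.
stale_processes() {
    pattern="$1"
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        [ -r "$maps" ] || continue
        stale_paths "$pattern" < "$maps" 2>/dev/null | while read -r p; do
            echo "$pid $p"
        done
    done
}

# Constructed sample (not captured from a real system): a process started
# before the update still maps the unlinked libfreetype; libc and libpng are
# live mappings; the stack line has no file path.
SAMPLE_MAPS='7f3a1c000000-7f3a1c0a6000 r-xp 00000000 08:02 1310806 /usr/lib64/libfreetype.so.6.13.0 (deleted)
7f3a1c0a6000-7f3a1c2a5000 ---p 000a6000 08:02 1310806 /usr/lib64/libfreetype.so.6.13.0 (deleted)
7f3a1c2a5000-7f3a1c2ab000 r--p 000a5000 08:02 1310806 /usr/lib64/libfreetype.so.6.13.0 (deleted)
7f3a1d000000-7f3a1d1c0000 r-xp 00000000 08:02 1310900 /lib64/libc-2.22.so
7f3a1e000000-7f3a1e030000 r-xp 00000000 08:02 1310950 /usr/lib64/libpng16.so.16.29.0
7ffd2b4f0000-7ffd2b511000 rw-p 00000000 00:00 0       [stack]'

echo "Stale libfreetype mappings in the constructed sample:"
printf '%s\n' "$SAMPLE_MAPS" | stale_paths 'libfreetype'

# Real scan of the running system: sh this_script.sh --scan libfreetype
if [ "${1:-}" = "--scan" ]; then
    stale_processes "${2:-libfreetype}"
fi
```

Run it as root with `--scan libfreetype` right after installing the update; any pid it prints (a long-lived browser, a display manager, a print spooler) needs a restart before the host can be considered patched, regardless of what `rpm -qa` reports.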
Advisory uploaded
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0128.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED