Ubuntu has issued an advisory on February 14:
https://usn.ubuntu.com/usn/usn-3572-1/

Ubuntu has a link to the upstream commit that fixed the issue:
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html

Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Upstream patch is available
Updated in Cauldron and 2.7.1-2.2 submitted to tainted and core updates_testing for MGA6.
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Thanks Shlomi!

Advisory:
========================

Updated freetype2 packages fix security vulnerability:

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file (CVE-2018-6942).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
https://usn.ubuntu.com/usn/usn-3572-1
========================

Updated packages in {core,tainted}/updates_testing:
========================
libfreetype6-2.7.1-2.2.mga6
libfreetype6-devel-2.7.1-2.2.mga6
libfreetype6-static-devel-2.7.1-2.2.mga6
freetype2-demos-2.7.1-2.2.mga6

from freetype2-2.7.1-2.2.mga6.src.rpm
Assignee: shlomif => qa-bugs
CC: (none) => shlomif
What is the difference between the core and tainted packages?
CC: (none) => mageia
(In reply to PC LX from comment #3)
> What is the difference between the core and tainted packages?

$ rpm -q -i lib64freetype6|tail -n 2
This package is in the "tainted" section because it has subpixel hinting enabled which is covered by software patents.
CC: (none) => davidwhodgins
Installed the tainted packages and ran strace on drakfont while installing a ttf font. Gunplay3D appeared in the font list in LibreOffice writer and was applied to a paragraph in a document.

$ grep freetype trace
open("/lib64/libfreetype.so.6", O_RDONLY|O_CLOEXEC) = 8
open("/usr/lib64/libfreetype.so.6.13.0", O_RDONLY) = 8

I was unable to backtrack to the free versions without removing the tainted.
Hit a brick wall:
# urpme lib64freetype6-2.7.1-2.2.mga6.tainted.x86_64
Removing the following package will break your system:
basesystem-6-0.4.mga6.x86_64
(due to missing bootloader)

Good for tainted anyway.
CC: (none) => tarazed25
> I was unable to backtrack to the free versions without removing the tainted.
> Hit a brick wall:
> # urpme lib64freetype6-2.7.1-2.2.mga6.tainted.x86_64
> Removing the following package will break your system:
> basesystem-6-0.4.mga6.x86_64
> (due to missing bootloader)

The following should work (I haven't tried it):
enable core/updates/testing
disable tainted/updates/testing
urpmi --downgrade lib64freetype6
CC: (none) => jim
Installed and tested without issues.
Tested using firefox, okular, calibre, gimp and chromium browser.
I tested both the core and tainted packages. Didn't notice any difference in font rendering.

System: Mageia 6, x86_64, Plasma DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.20-desktop-1.mga6 #1 SMP Sun Feb 18 01:22:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep freetype6 | sort
lib64freetype6-2.7.1-2.2.mga6.tainted
lib64freetype6-devel-2.7.1-2.2.mga6.tainted
libfreetype6-2.7.1-2.2.mga6.tainted
@James Kerr, comment 6: Ah! Did not think of that. Thanks. Looks like it is well tested anyway for x86_64.
Whiteboard: (none) => MGA6-64-OK
Advisory committed to svn. Validating the update based on above tests.
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0140.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED