Bug 30659 - freetype2 new security issue CVE-2022-31782
Summary: freetype2 new security issue CVE-2022-31782
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-07-21 16:38 CEST by David Walser
Modified: 2022-08-25 23:22 CEST

See Also:
Source RPM: freetype2-2.10.4-2.1.mga8(.tainted).src.rpm
CVE: CVE-2022-31782
Status comment:


Description David Walser 2022-07-21 16:38:46 CEST
Ubuntu has issued an advisory on July 20:
https://ubuntu.com/security/notices/USN-5528-1

Mageia 8 is also affected.
David Walser 2022-07-21 16:39:03 CEST

Status comment: (none) => Patches available from upstream and Ubuntu
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-07-21 21:02:56 CEST
Assigning to you, Stig, as you did all the more recent 'freetype2' version updates. This may be more complicated.

Assignee: bugsquad => smelror

Comment 2 Nicolas Salguero 2022-08-22 16:43:41 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. (CVE-2022-31782)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31782
https://ubuntu.com/security/notices/USN-5528-1
========================

Updated packages in core/updates_testing:
========================
freetype2-demos-2.10.4-2.2.mga8
lib(64)freetype6-2.10.4-2.2.mga8
lib(64)freetype2-devel-2.10.4-2.2.mga8

from SRPM:
freetype2-2.10.4-2.2.mga8.src.rpm

Updated packages in tainted/updates_testing:
========================
freetype2-demos-2.10.4-2.2.mga8.tainted
lib(64)freetype6-2.10.4-2.2.mga8.tainted
lib(64)freetype2-devel-2.10.4-2.2.mga8.tainted

from SRPM:
freetype2-2.10.4-2.2.mga8.tainted.src.rpm

Source RPM: freetype2-2.12.1-1.mga9.src.rpm => freetype2-2.10.4-2.1.mga8(.tainted).src.rpm
CVE: (none) => CVE-2022-31782
Status comment: Patches available from upstream and Ubuntu => (none)
Assignee: smelror => qa-bugs
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero

Comment 3 Thomas Andrews 2022-08-23 18:09:50 CEST
No installation issues for core version.

Downloaded a free Freetype font, and extracted it. It came up as belonging to root, so as root I ran ftbench with it:

[root@localhost ~]# ftbench /home/tom/CuteEasterPersonalUse-Wy8nV.ttf 

ftbench results for font `/home/tom/CuteEasterPersonalUse-Wy8nV.ttf'
--------------------------------------------------------------------

family: Cute Easter - Personal Use
 style: Regular

number of seconds for each test: 2.000000

glyph indices: from 0 to 236
face size: 10ppem
font preloading into memory: no

load flags: 0x0
render mode: 0

CFF hinting engine set to `adobe'
TrueType interpreter set to version 40
maximum cache size: 1024KiByte

executing tests:
  Load                          23.863 us/op      83898 done
  Load_Advances (Normal)        23.725 us/op      84372 done
  Load_Advances (Fast)           0.074 us/op   24354594 done
  Load_Advances (Unscaled)       0.054 us/op   32275134 done
  Render                        12.409 us/op      52614 done
  Get_Glyph                      2.132 us/op      73470 done
  Get_Char_Index                 0.069 us/op   26303919 done
  Iterate CMap                   9.195 us/op     186250 done
  New_Face                      47.047 us/op      40852 done
  Embolden                      14.187 us/op      51192 done
  Stroke                       187.129 us/op       9480 done
  Get_BBox                       3.464 us/op      65649 done
  Get_CBox                       1.301 us/op      71811 done
  New_Face & load glyph(s)      21.598 us/op      92667 done

Results from the tainted version were identical.

Giving this an OK, and validating. Advisory in Comment 2.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-08-24 22:57:17 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2022-08-25 23:22:51 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0297.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

