Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3800.2
freetype security update
6 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: freetype
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-15999
Reference: ESB-2020.3676
ESB-2020.3668
ESB-2020.3639
ESB-2020.3616.2
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:4907
https://access.redhat.com/errata/RHSA-2020:4949
https://access.redhat.com/errata/RHSA-2020:4950
https://access.redhat.com/errata/RHSA-2020:4951
https://access.redhat.com/errata/RHSA-2020:4952
Comment: This bulletin contains five (5) Red Hat security advisories.
Revision History: November 6 2020: Appended additional associated advisories
November 5 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2020:4907-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4907
Issue date: 2020-11-04
CVE Names: CVE-2020-15999
=====================================================================
1. Summary:
An update for freetype is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. FreeType loads, hints, and renders individual glyphs
efficiently.
Security Fix(es):
* freetype: Heap-based buffer overflow due to integer truncation in
Load_SBit_Png (CVE-2020-15999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The X server must be restarted (log out, then log back in) for this update
to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1890210 - CVE-2020-15999 freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
freetype-2.8-14.el7_9.1.src.rpm
x86_64:
freetype-2.8-14.el7_9.1.i686.rpm
freetype-2.8-14.el7_9.1.x86_64.rpm
freetype-debuginfo-2.8-14.el7_9.1.i686.rpm
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
freetype-debuginfo-2.8-14.el7_9.1.i686.rpm
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
freetype-demos-2.8-14.el7_9.1.x86_64.rpm
freetype-devel-2.8-14.el7_9.1.i686.rpm
freetype-devel-2.8-14.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
freetype-2.8-14.el7_9.1.src.rpm
x86_64:
freetype-2.8-14.el7_9.1.i686.rpm
freetype-2.8-14.el7_9.1.x86_64.rpm
freetype-debuginfo-2.8-14.el7_9.1.i686.rpm
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
freetype-debuginfo-2.8-14.el7_9.1.i686.rpm
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
freetype-demos-2.8-14.el7_9.1.x86_64.rpm
freetype-devel-2.8-14.el7_9.1.i686.rpm
freetype-devel-2.8-14.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
freetype-2.8-14.el7_9.1.src.rpm
ppc64:
freetype-2.8-14.el7_9.1.ppc.rpm
freetype-2.8-14.el7_9.1.ppc64.rpm
freetype-debuginfo-2.8-14.el7_9.1.ppc.rpm
freetype-debuginfo-2.8-14.el7_9.1.ppc64.rpm
freetype-devel-2.8-14.el7_9.1.ppc.rpm
freetype-devel-2.8-14.el7_9.1.ppc64.rpm
ppc64le:
freetype-2.8-14.el7_9.1.ppc64le.rpm
freetype-debuginfo-2.8-14.el7_9.1.ppc64le.rpm
freetype-devel-2.8-14.el7_9.1.ppc64le.rpm
s390x:
freetype-2.8-14.el7_9.1.s390.rpm
freetype-2.8-14.el7_9.1.s390x.rpm
freetype-debuginfo-2.8-14.el7_9.1.s390.rpm
freetype-debuginfo-2.8-14.el7_9.1.s390x.rpm
freetype-devel-2.8-14.el7_9.1.s390.rpm
freetype-devel-2.8-14.el7_9.1.s390x.rpm
x86_64:
freetype-2.8-14.el7_9.1.i686.rpm
freetype-2.8-14.el7_9.1.x86_64.rpm
freetype-debuginfo-2.8-14.el7_9.1.i686.rpm
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
freetype-devel-2.8-14.el7_9.1.i686.rpm
freetype-devel-2.8-14.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
freetype-debuginfo-2.8-14.el7_9.1.ppc64.rpm
freetype-demos-2.8-14.el7_9.1.ppc64.rpm
ppc64le:
freetype-debuginfo-2.8-14.el7_9.1.ppc64le.rpm
freetype-demos-2.8-14.el7_9.1.ppc64le.rpm
s390x:
freetype-debuginfo-2.8-14.el7_9.1.s390x.rpm
freetype-demos-2.8-14.el7_9.1.s390x.rpm
x86_64:
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
freetype-demos-2.8-14.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
freetype-2.8-14.el7_9.1.src.rpm
x86_64:
freetype-2.8-14.el7_9.1.i686.rpm
freetype-2.8-14.el7_9.1.x86_64.rpm
freetype-debuginfo-2.8-14.el7_9.1.i686.rpm
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
freetype-devel-2.8-14.el7_9.1.i686.rpm
freetype-devel-2.8-14.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm
freetype-demos-2.8-14.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6K46dzjgjWX9erEAQjkHQ//ZP9t0lwD2Y7zNcVilvu+Xmdhz/DxYbmc
62AXmjKa8jj+tZ9Ze0Ndm75nOW6bmXplqp+NrM/r9Vn+m9m/vEOZyrVtY42VJO0t
TjwJA9LrHVvb5GI3HkWzY3gjvYw4f9V7DlPRj25fZ+LfQdeufzI+1fx+KcsKsuwu
RcAlMmuyNS5Jv88NmzOPHBX4bZqbS/nSUBWqxA59XGvlh6OSYX/+VOKU6ryAhqsl
FESUIJMQ+JhQmvoe70eSxbCdbNgzsBQ7o9RGZSQDdiIBvrHU4SN71Mw569wobA6R
mtuFGWMBcWjP0II1ZERf7DpT8ThK9trL/dZcJhjPrWqGBSfX5PBIJtwu7Neqe+/X
FdxqzPnMj4cXR3mf8VRq7b2sBkJKtjocLT9ft1S2GvniTM8x9G7JraQuzLtrGaCR
OVWIjaqphlNq7w61C8j0C0U6ZFPLvCIwidfLb6X1uQBYLFhX6yNKuLpCvzJf7GJU
wiH3Aqk94uzbWtNHEfWwdXwqxm+bX47mm3ZPYfKyf/gydPMpfU8ZNb4DuCE2HdK5
VlravzP2KrfpVLLM/Ddjd2E+Oy9HAdOdhUg64u9NnapRWLkcAXSvveA+YbebwfBV
4VHS9yIxAZfkb9forSGcbpEXrIJWGVaSgzbnAsYTiLvIrF88wZng1AIiF3j3uMfj
dTCmugPFQ8Y=
=Kzoh
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2020:4949-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4949
Issue date: 2020-11-05
CVE Names: CVE-2020-15999
=====================================================================
1. Summary:
An update for freetype is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. FreeType loads, hints, and renders individual glyphs
efficiently.
Security Fix(es):
* freetype: Heap-based buffer overflow due to integer truncation in
Load_SBit_Png (CVE-2020-15999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The X server must be restarted (log out, then log back in) for this update
to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1890210 - CVE-2020-15999 freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png
6. Package List:
Red Hat Enterprise Linux BaseOS E4S (v. 8.0):
Source:
freetype-2.9.1-4.el8_0.1.src.rpm
aarch64:
freetype-2.9.1-4.el8_0.1.aarch64.rpm
freetype-debuginfo-2.9.1-4.el8_0.1.aarch64.rpm
freetype-debugsource-2.9.1-4.el8_0.1.aarch64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_0.1.aarch64.rpm
freetype-devel-2.9.1-4.el8_0.1.aarch64.rpm
ppc64le:
freetype-2.9.1-4.el8_0.1.ppc64le.rpm
freetype-debuginfo-2.9.1-4.el8_0.1.ppc64le.rpm
freetype-debugsource-2.9.1-4.el8_0.1.ppc64le.rpm
freetype-demos-debuginfo-2.9.1-4.el8_0.1.ppc64le.rpm
freetype-devel-2.9.1-4.el8_0.1.ppc64le.rpm
s390x:
freetype-2.9.1-4.el8_0.1.s390x.rpm
freetype-debuginfo-2.9.1-4.el8_0.1.s390x.rpm
freetype-debugsource-2.9.1-4.el8_0.1.s390x.rpm
freetype-demos-debuginfo-2.9.1-4.el8_0.1.s390x.rpm
freetype-devel-2.9.1-4.el8_0.1.s390x.rpm
x86_64:
freetype-2.9.1-4.el8_0.1.i686.rpm
freetype-2.9.1-4.el8_0.1.x86_64.rpm
freetype-debuginfo-2.9.1-4.el8_0.1.i686.rpm
freetype-debuginfo-2.9.1-4.el8_0.1.x86_64.rpm
freetype-debugsource-2.9.1-4.el8_0.1.i686.rpm
freetype-debugsource-2.9.1-4.el8_0.1.x86_64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_0.1.i686.rpm
freetype-demos-debuginfo-2.9.1-4.el8_0.1.x86_64.rpm
freetype-devel-2.9.1-4.el8_0.1.i686.rpm
freetype-devel-2.9.1-4.el8_0.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6O6ctzjgjWX9erEAQgS2A/9G8QX5yA4d7+Jr7FyatfEDTE/ghgve73n
rzmmYjyLenaJEXEJ03Be7stEVOn3Q4dawexrvI6vjxUJLoHoAKP7xIr0AgAfFlgc
QuLHJZAR/6gE8sV67I0gU6smWvUpPhSFHHzexN7Dpqwhy0Tkj1Xtq6l0j5IIuvfi
oiISKJ7hLeArjlrI9Z0GrdfFAiA2QOcW+dgfEyI63SeXtN15qVYk7QUhnQgS9R6w
+boLYOB3zFt5BPlLRMfYaJZDGJzHeTkVqjL94gMGVjkh20/6dcidUFEts3Y7/eNQ
D3rBF4yKoX95HbKQ3ATJqBmQD9Wch4OiPMLU2b9QRjE8Zv5agBlqrWW4fQFsNb1A
J/Zdx5Eruc6GIg3TL9B9Wto9pmKiD3JuYZAwjQERcJ4TxPYkYShBQxl+atdS7kr9
wmGjwJlS8PXKvrFcmPofNBn+5zspkYcmXLB5xdBWTBV4X8/aaxxwXGvi/MpRz5OR
ASBOpzCn+l+onnjLKnKi4Ha05Q+e5bgrDeOVlIchHKyw1Y16fqNsKH7ta63quHB6
UQLgemeoKWZKlTwqghxaBEdZR5UH4d14dimK16JyNYpo77LpPU0JDFcRFYkUaqt8
GGyu061V3w1TIs6uJw11fTVKKVCG0nFQeIdRajpHiFcq7oMKFX+A5lqosDNuihM6
Zgn1EBrthvM=
=tJ94
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2020:4950-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4950
Issue date: 2020-11-05
CVE Names: CVE-2020-15999
=====================================================================
1. Summary:
An update for freetype is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. FreeType loads, hints, and renders individual glyphs
efficiently.
Security Fix(es):
* freetype: Heap-based buffer overflow due to integer truncation in
Load_SBit_Png (CVE-2020-15999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The X server must be restarted (log out, then log back in) for this update
to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1890210 - CVE-2020-15999 freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.1):
Source:
freetype-2.9.1-4.el8_1.1.src.rpm
aarch64:
freetype-2.9.1-4.el8_1.1.aarch64.rpm
freetype-debuginfo-2.9.1-4.el8_1.1.aarch64.rpm
freetype-debugsource-2.9.1-4.el8_1.1.aarch64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_1.1.aarch64.rpm
freetype-devel-2.9.1-4.el8_1.1.aarch64.rpm
ppc64le:
freetype-2.9.1-4.el8_1.1.ppc64le.rpm
freetype-debuginfo-2.9.1-4.el8_1.1.ppc64le.rpm
freetype-debugsource-2.9.1-4.el8_1.1.ppc64le.rpm
freetype-demos-debuginfo-2.9.1-4.el8_1.1.ppc64le.rpm
freetype-devel-2.9.1-4.el8_1.1.ppc64le.rpm
s390x:
freetype-2.9.1-4.el8_1.1.s390x.rpm
freetype-debuginfo-2.9.1-4.el8_1.1.s390x.rpm
freetype-debugsource-2.9.1-4.el8_1.1.s390x.rpm
freetype-demos-debuginfo-2.9.1-4.el8_1.1.s390x.rpm
freetype-devel-2.9.1-4.el8_1.1.s390x.rpm
x86_64:
freetype-2.9.1-4.el8_1.1.i686.rpm
freetype-2.9.1-4.el8_1.1.x86_64.rpm
freetype-debuginfo-2.9.1-4.el8_1.1.i686.rpm
freetype-debuginfo-2.9.1-4.el8_1.1.x86_64.rpm
freetype-debugsource-2.9.1-4.el8_1.1.i686.rpm
freetype-debugsource-2.9.1-4.el8_1.1.x86_64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_1.1.i686.rpm
freetype-demos-debuginfo-2.9.1-4.el8_1.1.x86_64.rpm
freetype-devel-2.9.1-4.el8_1.1.i686.rpm
freetype-devel-2.9.1-4.el8_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6O8FtzjgjWX9erEAQjKaA/+NUwgYZdcH7kluqwHxEPLjY+BO81lAVzQ
jzsKSsYNKMyBqGlBnHV+kS5dARoukU7xHif8wlOF/hXiezz0V6QrcApp8bmdp49A
KYeDqsvPm9r5e6/otrfRJAZAV/dQvQkoRgB44B17wqCngNnpJEZopHJZqOpx+wM9
zbssLIMvFdOmlzSkKxOUGoEgixPAeK36SOns3OvoeXtwFHblyO4ILEPYojWiS6/l
bcqkEvSY7qSssCY2qyNooUpiwjaoOy84dgLYxWbYl+iftXvKhP7yVEhUPpgw0o/A
cPKR43pNOpXI+dXFAGYyyHq76F6XwDu2LCq51fYSNZs9B1OsVhlaiCL0NDnMyF/p
fj1MxlpumDql7VQFC4fhiPpCiZRd9gGNrSC6SB34YUfzVfp92BUtn5LgU6GZiEn2
6ppEC+9o5J1JKOotd2zA/loFmRGVmwAWSvDs2ZaAGqMZMWsANntwEeOXdFcpwGVr
OWm2640mwrtqAGCB4D5HE0ywVFrKiPsppA0dSVloJUQlUji+umxfJnadtiOYw89i
X4fsotT1DxcjpFCzUe6FjgssFPHwa0hftaWtZ7mbm4yZd6grW44IKcOdoTRsR4rj
RECTyKaLwjhqmS2E3wtKqJnatULU1w81Mlr3LsLpwPaBd1uqIrSsKQCMIqbw1O1J
+PqkAXI9PFI=
=Ri+b
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2020:4951-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4951
Issue date: 2020-11-05
CVE Names: CVE-2020-15999
=====================================================================
1. Summary:
An update for freetype is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. FreeType loads, hints, and renders individual glyphs
efficiently.
Security Fix(es):
* freetype: Heap-based buffer overflow due to integer truncation in
Load_SBit_Png (CVE-2020-15999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The X server must be restarted (log out, then log back in) for this update
to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1890210 - CVE-2020-15999 freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source:
freetype-2.9.1-4.el8_2.1.src.rpm
aarch64:
freetype-2.9.1-4.el8_2.1.aarch64.rpm
freetype-debuginfo-2.9.1-4.el8_2.1.aarch64.rpm
freetype-debugsource-2.9.1-4.el8_2.1.aarch64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_2.1.aarch64.rpm
freetype-devel-2.9.1-4.el8_2.1.aarch64.rpm
ppc64le:
freetype-2.9.1-4.el8_2.1.ppc64le.rpm
freetype-debuginfo-2.9.1-4.el8_2.1.ppc64le.rpm
freetype-debugsource-2.9.1-4.el8_2.1.ppc64le.rpm
freetype-demos-debuginfo-2.9.1-4.el8_2.1.ppc64le.rpm
freetype-devel-2.9.1-4.el8_2.1.ppc64le.rpm
s390x:
freetype-2.9.1-4.el8_2.1.s390x.rpm
freetype-debuginfo-2.9.1-4.el8_2.1.s390x.rpm
freetype-debugsource-2.9.1-4.el8_2.1.s390x.rpm
freetype-demos-debuginfo-2.9.1-4.el8_2.1.s390x.rpm
freetype-devel-2.9.1-4.el8_2.1.s390x.rpm
x86_64:
freetype-2.9.1-4.el8_2.1.i686.rpm
freetype-2.9.1-4.el8_2.1.x86_64.rpm
freetype-debuginfo-2.9.1-4.el8_2.1.i686.rpm
freetype-debuginfo-2.9.1-4.el8_2.1.x86_64.rpm
freetype-debugsource-2.9.1-4.el8_2.1.i686.rpm
freetype-debugsource-2.9.1-4.el8_2.1.x86_64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_2.1.i686.rpm
freetype-demos-debuginfo-2.9.1-4.el8_2.1.x86_64.rpm
freetype-devel-2.9.1-4.el8_2.1.i686.rpm
freetype-devel-2.9.1-4.el8_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6O+qtzjgjWX9erEAQh4uQ/+I5Te5vQFvk2BHphKIf7G8fmiuWQldj/9
GG+Z7FGjMCvfh5aeW2GlJ2bhwKZ/WLqzzpumsyPIkGAM90Ha2mbqKho6/TLuVzEj
IMyAgXtKSnkgyEZVjkhUpSiJMoHtuMKESU4Q91HyNDpbxs7bX/2xlX0SIqz0IziX
9RNu4sqtKdv/4aVMRp2OoAK7jwF56Aw0/GMrLe4rmzhcBS3kT6qd87a/IEIr7VFi
6/9zUWW1CjscgtpwKS/WACRlWFZds95BRSE4NPOrehj43h9y7opMTZYnNUyaXwaG
k9xoEherA5FKkBORaqanl3dK0bVSE8FoUA2QEOATebF22A7iBDw3wvZc+g9upCa8
xvzUKwWh0P/0m3h5cphK8f38uhDZMx2oMWyhm7PLYb77fZ+uGJmEytQb+N9ip+8m
ynHXvn8CbEr6D8iEWbdrNlAOu22W/Alm6VUeg6YbYyqkHBs0TzGQ9Pp4X+Q9mjAv
oHghhgt4be0OET2Ov4bQV0GIhWIoFQ0dIYOwDr28fWygko1VnW/0u5jTutPNeVtU
lFRRSpGU0q8F4CubiPbogBUH+elgiRLKd8W+548gPGvRnwaFU/sJfllnDzCz+3JY
020BYN3v9+A+VAwm1p67kDBv5HD2cC27b4fE1ia8KkF0to11/mgOCN9qjzlEk+6f
wZYEJdWmhvY=
=52X6
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2020:4952-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4952
Issue date: 2020-11-05
CVE Names: CVE-2020-15999
=====================================================================
1. Summary:
An update for freetype is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. FreeType loads, hints, and renders individual glyphs
efficiently.
Security Fix(es):
* freetype: Heap-based buffer overflow due to integer truncation in
Load_SBit_Png (CVE-2020-15999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The X server must be restarted (log out, then log back in) for this update
to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1890210 - CVE-2020-15999 freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
freetype-2.9.1-4.el8_3.1.src.rpm
aarch64:
freetype-2.9.1-4.el8_3.1.aarch64.rpm
freetype-debuginfo-2.9.1-4.el8_3.1.aarch64.rpm
freetype-debugsource-2.9.1-4.el8_3.1.aarch64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_3.1.aarch64.rpm
freetype-devel-2.9.1-4.el8_3.1.aarch64.rpm
ppc64le:
freetype-2.9.1-4.el8_3.1.ppc64le.rpm
freetype-debuginfo-2.9.1-4.el8_3.1.ppc64le.rpm
freetype-debugsource-2.9.1-4.el8_3.1.ppc64le.rpm
freetype-demos-debuginfo-2.9.1-4.el8_3.1.ppc64le.rpm
freetype-devel-2.9.1-4.el8_3.1.ppc64le.rpm
s390x:
freetype-2.9.1-4.el8_3.1.s390x.rpm
freetype-debuginfo-2.9.1-4.el8_3.1.s390x.rpm
freetype-debugsource-2.9.1-4.el8_3.1.s390x.rpm
freetype-demos-debuginfo-2.9.1-4.el8_3.1.s390x.rpm
freetype-devel-2.9.1-4.el8_3.1.s390x.rpm
x86_64:
freetype-2.9.1-4.el8_3.1.i686.rpm
freetype-2.9.1-4.el8_3.1.x86_64.rpm
freetype-debuginfo-2.9.1-4.el8_3.1.i686.rpm
freetype-debuginfo-2.9.1-4.el8_3.1.x86_64.rpm
freetype-debugsource-2.9.1-4.el8_3.1.i686.rpm
freetype-debugsource-2.9.1-4.el8_3.1.x86_64.rpm
freetype-demos-debuginfo-2.9.1-4.el8_3.1.i686.rpm
freetype-demos-debuginfo-2.9.1-4.el8_3.1.x86_64.rpm
freetype-devel-2.9.1-4.el8_3.1.i686.rpm
freetype-devel-2.9.1-4.el8_3.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6O9QtzjgjWX9erEAQhFZA//ZTgqULDu7BZqUg8guPHgUDccnU73QtE9
uajiXmfKy3WW8/mMzrXmPEAekOtWWBCLp0HG9p8oNSPo3yA5nBWUfoNm5MPmAOna
8jRktLiVnOSb0CNP27ahUqJ27Hd2N5uAcXiLwSzjxTsbv8wSi/aZe5Rg9oR3emUC
C2hWihjzWXg7MdXp4NGx3lHsghvhFe9AJwpqaZUpyNeIt02RyIWKe62uMyhgNGzr
hC9YawNOREshYwvKSdHZoepsXqocBsuPhiAKDepWhCrfvNRPIBJed/RjWGSoQpsr
lMATUoHb9lRhee8oUXO8xFCzuXkfCX2MtCMw+hF0SWxY3+0+FReiqhLnRwI7ZSXO
oW6Fiz65TJpDaXDd7+vMWeX19/qEsUkWPCWy1MePqQPMCwS1XjaSb9iGxQ9IeAeX
0cIv2+sxip+PDtVpdGffXs1CERbhIOd3orkXiSBLJ8dzYbtYE8g3/bzMf9zoroMw
CIHbetMhWLcNn3qQ1rWLZRngu1hEwfgqaKrflmHfZTADZqxJnb0jC4Exrm7CYasY
yCbnroZA++ElCf3MsioauBXFeQ8fc5sS94Q5b9jJBbHMcF3Isz05uiqGeLNmSMsJ
Imvuvz0TSTEQIrfT32L3pxjxa+nodEey0jYbNOVnH2MYEzAPm/FZ4eSTpNkrafDd
RGEqGdYWDr4=
=Iu5D
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX6R9buNLKJtyKPYoAQhS/hAAoiZpOCBMjgzAtUTg9/9qEl5/3CUf7VpC
qZwMbtKZ90uAKC6PnMgZ89kCTVqU/SSnbTn2PK77cAJ+ror6GMMWQ3REA2hVlN5D
4MD7FgxnEfzYJuim/S7xKyeWPEidtnDxEWYFiDjHDQNWKamWg2Hxw9K/PoW/Bydk
NAcK9NuxlaoSjVMRrNJfEP9GxV40CsTIxKpSiAcNxK6AkuOCIWQe3AIMALkEXmb7
FQKCOx7YdchxL4E5VSyVhl6rXPe12TANKpLDmcIZtOTDJ9IFszmpIfAV2opy58cV
UzpJ1RgsUqqKzh8ihOQoO2VRljr+NpFGagJP7YiUn1+clh2dS64K1ZzXQ12LaY8k
aihVsig93RS8E0rvMEyuNWpN6JL+sqd/hlOIDt84ycfhY4Odo4dOgYn2TAsEDa1L
WlbmqBy9TuZKFklQgaggmDaJMUYCOyE8sEtC482zjoTcZ90+I4wYUPEHT+wU1OG9
rw3U7MfBLdekhcOQ2gH5HRYcO73NQLzLOW3M/enDGR2S2eTUH3S7fgyrtifnveSG
zq46y9AbS5c/HzQxxtaTnxbMc0GAPcQ5DEXQv2++AJ0bWtAIAtP7G7hg1L+fsIWa
8U8HxOA5lonZRt2IY0nPgUNMUgxqOP1zlmqPVy01HAk+LtXD7jg/UzH+vrgjlKOZ
C+owcvK+hms=
=7nDW
-----END PGP SIGNATURE-----