Bugzilla – Bug 1035807
VUL-0: CVE-2017-8105: freetype2: FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow relat...
Last modified: 2022-04-07 08:48:04 UTC
CVE-2017-8105

FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935

even in sle11 ga
ping... community user requested this bump for Tumbleweed in bug 1079459
Already submitted without tracking: https://build.opensuse.org/request/show/563247 Stuck in TW staging. Ismail could you look at the failures?
Codestreams in SLE are not affected, because they are too old. This was only introduced with 2.6.5 and fixed upstream in version 2.8. This needs to be fixed in Factory (see bug 1079459) by bumping the version to the latest upstream version.
SUSE-SU-2018:0414-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1028103,1035807,1036457,1079600
CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): freetype2-2.6.3-7.15.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): freetype2-2.6.3-7.15.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Server 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Server 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Desktop 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE Linux Enterprise Desktop 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1
SUSE CaaS Platform ALL (src): freetype2-2.6.3-7.15.1

openSUSE-SU-2018:0420-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1028103,1035807,1036457,1079600
CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287
Sources used:
openSUSE Leap 42.3 (src): freetype2-2.6.3-5.3.1, ft2demos-2.6.3-5.3.1

SUSE-SU-2018:0462-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1028103,1035807,1036457
CVE References: CVE-2016-10244,CVE-2017-8105,CVE-2017-8287
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): freetype2-2.3.7-25.45.5.1
SUSE Linux Enterprise Server 11-SP4 (src): freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): freetype2-2.3.7-25.45.5.1, ft2demos-2.3.7-25.45.5.1

fixed