Bug 612192 (CVE-2016-10244)

Summary: <media-libs/freetype-2.7.1-r2: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: fonts, multilib+disabled, polynomial-c, yngwin
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1429965
Whiteboard: A3 [glsa cve]
Package list:
=media-libs/freetype-2.7.1-r2
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-03-10 11:24:50 UTC
From ${URL} :

The parse_charstrings function in type1/t1load.c in FreeType 2 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.

References:

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36

Upstream patch:

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-03-10 11:42:49 UTC
commit b718d16b1e7331ab125b9803d1add14b2617e0b0
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Fri Mar 10 12:40:30 2017

    media-libs/freetype: Security revbump for bug #612192.

    Package-Manager: Portage-2.3.4, Repoman-2.3.2


Arches please test and mark stable =media-libs/freetype-2.7.1-r2 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt
Comment 2 Agostino Sarubbo gentoo-dev 2017-03-10 13:09:26 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-03-10 13:10:05 UTC
x86 stable
Comment 4 Michael Weber (RETIRED) gentoo-dev 2017-03-10 13:43:56 UTC
arm ppc ppc64 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-11 08:31:23 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2017-03-11 17:21:36 UTC
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-03-17 10:43:25 UTC
sparc stable
Comment 8 Tobias Klausmann (RETIRED) gentoo-dev 2017-04-04 19:30:44 UTC
Stable on alpha.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2017-04-11 06:21:41 UTC
Arches, Thank you for your work.
New GLSA Request filed.


Maintainer(s), please drop the vulnerable version(s).
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 20:10:25 UTC
This issue was resolved and addressed in GLSA 201706-14 at https://security.gentoo.org/glsa/201706-14 by GLSA coordinator Kristian Fiskerstrand (K_F).