Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 448550 (CVE-2012-5668) - <media-libs/freetype-2.4.11: multiple vulnerabilities (CVE-2012-{5668,5669,5670})
Summary: <media-libs/freetype-2.4.11: multiple vulnerabilities (CVE-2012-{5668,5669,56...
Status: RESOLVED FIXED
Alias: CVE-2012-5668
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A2 [glsa]
Keywords:
: 451606 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-12-25 16:00 UTC by Agostino Sarubbo
Modified: 2014-02-11 19:24 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-12-25 16:00:30 UTC
From $URL :

Merry Christmas!

Multiple security issues were reported by Mateusz Jurczyk of Google
security team. These have been fixed in freetype 2.4.11
Details are as follows.

* NULL Pointer Dereference in bdf_free_font
Bug: https://savannah.nongnu.org/bugs/?37905
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a

* Out-of-bounds read in _bdf_parse_glyphs
Bug: https://savannah.nongnu.org/bugs/?37906
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

* Out-of-bounds write in _bdf_parse_glyphs
Bug: https://savannah.nongnu.org/bugs/?37907
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-01-24 14:45:06 UTC
*** Bug 451606 has been marked as a duplicate of this bug. ***
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2013-01-24 15:25:21 UTC
+*freetype-2.4.11 (24 Jan 2013)
+
+  24 Jan 2013; Lars Wendler <polynomial-c@gentoo.org> +freetype-2.4.11.ebuild:
+  non-maintainer commit: security bump (bug #448550).
+
Comment 3 Lars Wendler (Polynomial-C) gentoo-dev 2013-01-25 09:24:34 UTC
Alright, since nobody is taking action here let's move this another step forward.

Arches please test and mark stable =media-libs/freetype-2.4.11. Target keywords are:
alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt


Please consider masking the "infinality" USE flag for stable arches as it requires a couple of other packages becoming stable/keyworded as well.
Comment 4 Agostino Sarubbo gentoo-dev 2013-01-25 11:08:04 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-01-25 11:08:21 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-01-25 11:16:12 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-01-25 11:16:17 UTC
amd64 stable
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-01-25 13:08:20 UTC
CVE-2012-5670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5670):
  The _bdf_parse_glyphs function in FreeType before 2.4.11 allows
  context-dependent attackers to cause a denial of service (out-of-bounds
  write and crash) via vectors related to BDF fonts and an ENCODING field with
  a negative value.

CVE-2012-5669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5669):
  The _bdf_parse_glyphs function in FreeType before 2.4.11 allows
  context-dependent attackers to cause a denial of service (crash) via vectors
  related to BDF fonts and an incorrect calculation that triggers an
  out-of-bounds read.

CVE-2012-5668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5668):
  FreeType before 2.4.11 allows context-dependent attackers to cause a denial
  of service (NULL pointer dereference and crash) via vectors related to BDF
  fonts and the improper handling of an "allocation error" in the
  bdf_free_font function.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2013-01-28 02:51:42 UTC
Stable for HPPA.
Comment 10 Sergey Popov gentoo-dev 2013-01-28 12:24:01 UTC
arm stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-02-06 19:47:41 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-02-08 12:07:23 UTC
sh stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-02-08 14:48:23 UTC
s390 stable
Comment 14 Agostino Sarubbo gentoo-dev 2013-02-08 16:33:22 UTC
alpha stable
Comment 15 Agostino Sarubbo gentoo-dev 2013-02-09 18:02:46 UTC
ia64 stable
Comment 16 Sean Amoss (RETIRED) gentoo-dev Security 2013-03-22 15:25:33 UTC
New GLSA request filed.
Comment 17 Ben de Groot (RETIRED) gentoo-dev 2013-04-26 14:50:44 UTC
# Ben de Groot <yngwin@gentoo.org> (25 Apr 2013)
# freetype:1 has multiple issues, including security vulnerabilities,
# see bugs 412499, 430530, 406891, 448550, 466308.
# No longer supported upstream, nor in practice by us.
# Masked for removal in 30 days, unless someone steps up to maintain this
# and address all issues; (possible candidate for graveyard overlay).
=media-libs/freetype-1.4*
games-action/heavygear2
Comment 18 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-22 14:08:32 UTC
m68k -> ~ only, removing from CC. @maintainers: clean affected please.
Comment 19 Ben de Groot (RETIRED) gentoo-dev 2013-10-05 11:45:02 UTC
(In reply to Chris Reffett from comment #18)
@maintainers: clean affected please.

done
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2014-02-11 19:24:50 UTC
This issue was resolved and addressed in
 GLSA 201402-16 at http://security.gentoo.org/glsa/glsa-201402-16.xml
by GLSA coordinator Mikle Kolyada (Zlogene).