freetype2-devel-2.11.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10770 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freetype2-devel-2.11.0-1.2 on GA media These are all security issues fixed in the freetype2-devel-2.11.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10770 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10770 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2007-1351/ SUSE CVE CVE-2007-1351 page https://www.suse.com/security/cve/CVE-2017-8105/ SUSE CVE CVE-2017-8105 page https://www.suse.com/security/cve/CVE-2018-6942/ SUSE CVE CVE-2018-6942 page https://www.suse.com/security/cve/CVE-2020-15999/ SUSE CVE CVE-2020-15999 page openSUSE Tumbleweed freetype2-devel-2.11.0-1.2 freetype2-devel-32bit-2.11.0-1.2 freetype2-profile-tti35-2.11.0-1.2 libfreetype6-2.11.0-1.2 libfreetype6-32bit-2.11.0-1.2 freetype2-devel-2.11.0-1.2 as a component of openSUSE Tumbleweed freetype2-devel-32bit-2.11.0-1.2 as a component of openSUSE Tumbleweed freetype2-profile-tti35-2.11.0-1.2 as a component of openSUSE Tumbleweed libfreetype6-2.11.0-1.2 as a component of openSUSE Tumbleweed libfreetype6-32bit-2.11.0-1.2 as a component of openSUSE Tumbleweed Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. CVE-2007-1351 openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2 openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2 openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-1351.html CVE-2007-1351 https://bugzilla.suse.com/247732 SUSE Bug 247732 https://bugzilla.suse.com/258335 SUSE Bug 258335 https://bugzilla.suse.com/261141 SUSE Bug 261141 FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. CVE-2017-8105 openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2 openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2 openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-8105.html CVE-2017-8105 https://bugzilla.suse.com/1034186 SUSE Bug 1034186 https://bugzilla.suse.com/1035807 SUSE Bug 1035807 https://bugzilla.suse.com/1036457 SUSE Bug 1036457 https://bugzilla.suse.com/1079459 SUSE Bug 1079459 An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. CVE-2018-6942 openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2 openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2 openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6942.html CVE-2018-6942 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2 openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2 openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15999.html CVE-2020-15999 https://bugzilla.suse.com/1177914 SUSE Bug 1177914 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://bugzilla.suse.com/1178824 SUSE Bug 1178824 https://bugzilla.suse.com/1178894 SUSE Bug 1178894