Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201503-05 ] FreeType: Multiple vulnerabilities
Date: Sun, 08 Mar 2015 15:08:53
Message-Id: 54FC5FE4.8010203@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201503-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: FreeType: Multiple vulnerabilities
Date: March 08, 2015
Bugs: #532152, #539796
ID: 201503-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in FreeType, possibly
resulting in Denial of Service.

Background
==========

FreeType is a high-quality and portable font engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype          < 2.5.5                    >= 2.5.5

Description
===========

Multiple vulnerabilities have been discovered in FreeType. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker can cause Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.5.5"

References
==========

[ 1 ] CVE-2014-9656
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9656
[ 2 ] CVE-2014-9657
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9657
[ 3 ] CVE-2014-9658
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9658
[ 4 ] CVE-2014-9659
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9659
[ 5 ] CVE-2014-9660
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9660
[ 6 ] CVE-2014-9661
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9661
[ 7 ] CVE-2014-9662
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9662
[ 8 ] CVE-2014-9663
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9663
[ 9 ] CVE-2014-9664
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9664
[ 10 ] CVE-2014-9665
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9665
[ 11 ] CVE-2014-9666
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9666
[ 12 ] CVE-2014-9667
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9667
[ 13 ] CVE-2014-9668
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9668
[ 14 ] CVE-2014-9669
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9669
[ 15 ] CVE-2014-9670
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9670
[ 16 ] CVE-2014-9671
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9671
[ 17 ] CVE-2014-9672
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9672
[ 18 ] CVE-2014-9673
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9673
[ 19 ] CVE-2014-9674
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9674
[ 20 ] CVE-2014-9675
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9675

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201503-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5