Opened 4 years ago
Closed 4 years ago
#14153 closed enhancement (fixed)
freetype-2.10.4
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New release: per https://www.freetype.org/
FreeType 2.10.4
2020-10-20
This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling (see here for more).
All users should update immediately.
According to phoronix this is for CVE-2020-15999 which is apparently a heap buffer overflow and has been present since freetype-2.6 (which was 5 years ago).
Change History (5)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 4 years ago
comment:5 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Before making this release, Werner said: > I've just fixed a heap buffer overflow that can happen for some > malformed `.ttf` files with PNG sbit glyphs. It seems that this > vulnerability gets already actively used in the wild, so I ask all > users to apply the corresponding commit as soon as possible. But distros should be warned that 2.10.3 and later may break the build of ghostscript, due to ghostscript's use of a withdrawn macro that wasn't intended for external usage: https://bugs.ghostscript.com/show_bug.cgi?id=702985 https://lists.nongnu.org/archive/html/freetype-devel/2020-10/msg00002.html Ghostscript's fix for that is at: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b -Alan Coopersmith- alan.coopersmith@oracle.com Oracle Solaris Engineering - https://blogs.oracle.com/alanc -------- Forwarded Message -------- Subject: [ft-announce] Announcing FreeType 2.10.4 Date: Tue, 20 Oct 2020 07:47:31 +0200 (CEST) From: Werner LEMBERG <wl@gnu.org> To: freetype-announce@nongnu.org, freetype-devel@nongnu.org, freetype@nongnu.org FreeType 2.10.4 has been released. It is available from http://savannah.nongnu.org/download/freetype/ or http://sourceforge.net/projects/freetype/files/ The latter site also holds older versions of the FreeType library. See below for the relevant snippet from the CHANGES file. Enjoy! Werner PS: Downloads from savannah.nongnu.org will redirect to your nearest mirror site. Files on mirrors may be subject to a replication delay of up to 24 hours. In case of problems use http://download-mirror.savannah.gnu.org/releases/ ---------------------------------------------------------------------- http://www.freetype.org FreeType 2 is a software font engine that is designed to be small, efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats. Note that FreeType 2 is a font service and doesn't provide APIs to perform higher-level features, like text layout or graphics processing (e.g., colored text rendering, `hollowing', etc.). However, it greatly simplifies these tasks by providing a simple, easy to use, and uniform interface to access the content of font files. FreeType 2 is released under two open-source licenses: our own BSD-like FreeType License and the GPL. It can thus be used by any kind of projects, be they proprietary or not. ---------------------------------------------------------------------- CHANGES BETWEEN 2.10.3 and 2.10.4 I. IMPORTANT BUG FIXES - A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 If you use option FT_CONFIG_OPTION_USE_PNG you should upgrade immediately. _______________________________________________ Freetype-announce mailing list Freetype-announce@nongnu.org https://lists.nongnu.org/mailman/listinfo/freetype-announceWe're going to need a fix for Ghostscript too. Please put that in with this update.