suse-su-2020:1353-1
Vulnerability from csaf_suse
Published
2020-05-20 11:02
Modified
2020-05-20 11:02
Summary
Security update for freetype2
Notes
Title of the patch
Security update for freetype2
Description of the patch
This update for freetype2 to version 2.10.1 fixes the following issues:
Security issue fixed:
- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603).
Non-security issues fixed:
- Update to version 2.10.1
* The bytecode hinting of OpenType variation fonts was flawed, since
the data in the `CVAR' table wasn't correctly applied.
* Auto-hinter support for Mongolian.
* The handling of the default character in PCF fonts as introduced
in version 2.10.0 was partially broken, causing premature abortion
of charmap iteration for many fonts.
* If `FT_Set_Named_Instance' was called with the same arguments
twice in a row, the function returned an incorrect error code the
second time.
* Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
introduced in version 2.10.0).
* Increased precision while computing OpenType font variation
instances.
* The flattening algorithm of cubic Bezier curves was slightly
changed to make it faster. This can cause very subtle rendering
changes, which aren't noticeable by the eye, however.
* The auto-hinter now disables hinting if there are blue zones
defined for a `style' (i.e., a certain combination of a script and
its related typographic features) but the font doesn't contain any
characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
* A bunch of new functions has been added to access and process
COLR/CPAL data of OpenType fonts with color-layered glyphs.
* As a GSoC 2018 project, Nikhil Ramakrishnan completely
overhauled and modernized the API reference.
* The logic for computing the global ascender, descender, and
height of OpenType fonts has been slightly adjusted for
consistency.
* `TT_Set_MM_Blend' could fail if called repeatedly with the same
arguments.
* The precision of handling deltas in Variation Fonts has been
increased.The problem did only show up with multidimensional
designspaces.
* New function `FT_Library_SetLcdGeometry' to set up the geometry
of LCD subpixels.
* FreeType now uses the `defaultChar' property of PCF fonts to set
the glyph for the undefined character at glyph index 0 (as
FreeType already does for all other supported font formats). As
a consequence, the order of glyphs of a PCF font if accessed
with FreeType can be different now compared to previous
versions.
This change doesn't affect PCF font access with cmaps.
* `FT_Select_Charmap' has been changed to allow parameter value
`FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
formats to access built-in cmaps that don't have a predefined
`FT_Encoding' value.
* A previously reserved field in the `FT_GlyphSlotRec' structure
now holds the glyph index.
* The usual round of fuzzer bug fixes to better reject malformed
fonts.
* `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
been removed.These two functions were public by oversight only
and were never documented.
* A new function `FT_Error_String' returns descriptions of error
codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is
defined.
* `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
functions limited to Adobe MultiMaster fonts to directly set and
get the weight vector.
- Enable subpixel rendering with infinality config:
- Re-enable freetype-config, there is just too many fallouts.
- Update to version 2.9.1
* Type 1 fonts containing flex features were not rendered
correctly (bug introduced in version 2.9).
* CVE-2018-6942: Older FreeType versions can crash with certain
malformed variation fonts.
* Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
* Emboldening of bitmaps didn't work correctly sometimes, showing
various artifacts (bug introduced in version 2.8.1).
* The auto-hinter script ranges have been updated for Unicode 11.
No support for new scripts have been added, however, with the
exception of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled
by default.
- Update to version 2.10.1
* The `ftmulti' demo program now supports multiple hidden axes with
the same name tag.
* `ftview', `ftstring', and `ftgrid' got a `-k' command line option
to emulate a sequence of keystrokes at start-up.
* `ftview', `ftstring', and `ftgrid' now support screen dumping to a
PNG file.
* The bytecode debugger, `ttdebug', now supports variation TrueType
fonts; a variation font instance can be selected with the new `-d'
command line option.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
* The `ftdump' demo program has new options `-c' and `-C' to
display charmaps in compact and detailed format, respectively.
Option `-V' has been removed.
* The `ftview', `ftstring', and `ftgrid' demo programs use a new
command line option `-d' to specify the program window's width,
height, and color depth.
* The `ftview' demo program now displays red boxes for zero-width
glyphs.
* `ftglyph' has limited support to display fonts with
color-layered glyphs.This will be improved later on.
* `ftgrid' can now display bitmap fonts also.
* The `ttdebug' demo program has a new option `-f' to select a
member of a TrueType collection (TTC).
* Other various improvements to the demo programs.
- Remove 'Supplements: fonts-config' to avoid accidentally pulling
in Qt dependencies on some non-Qt based desktops.(bsc#1091109)
fonts-config is fundamental but ft2demos seldom installs by end users.
only fonts-config maintainers/debuggers may use ft2demos along to
debug some issues.
- Update to version 2.9.1
* No changelog upstream.
Patchnames
SUSE-2020-1353,SUSE-SLE-Module-Basesystem-15-SP1-2020-1353
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for freetype2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for freetype2 to version 2.10.1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603).\n\nNon-security issues fixed:\n\n- Update to version 2.10.1\n * The bytecode hinting of OpenType variation fonts was flawed, since\n the data in the `CVAR\u0027 table wasn\u0027t correctly applied.\n * Auto-hinter support for Mongolian.\n * The handling of the default character in PCF fonts as introduced\n in version 2.10.0 was partially broken, causing premature abortion\n of charmap iteration for many fonts.\n * If `FT_Set_Named_Instance\u0027 was called with the same arguments\n twice in a row, the function returned an incorrect error code the\n second time.\n * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug\n introduced in version 2.10.0).\n * Increased precision while computing OpenType font variation\n instances.\n * The flattening algorithm of cubic Bezier curves was slightly\n changed to make it faster. This can cause very subtle rendering\n changes, which aren\u0027t noticeable by the eye, however.\n * The auto-hinter now disables hinting if there are blue zones\n defined for a `style\u0027 (i.e., a certain combination of a script and\n its related typographic features) but the font doesn\u0027t contain any\n characters needed to set up at least one blue zone.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * A bunch of new functions has been added to access and process\n COLR/CPAL data of OpenType fonts with color-layered glyphs.\n * As a GSoC 2018 project, Nikhil Ramakrishnan completely\n overhauled and modernized the API reference.\n * The logic for computing the global ascender, descender, and\n height of OpenType fonts has been slightly adjusted for\n consistency.\n * `TT_Set_MM_Blend\u0027 could fail if called repeatedly with the same\n arguments.\n * The precision of handling deltas in Variation Fonts has been\n increased.The problem did only show up with multidimensional\n designspaces.\n * New function `FT_Library_SetLcdGeometry\u0027 to set up the geometry\n of LCD subpixels.\n * FreeType now uses the `defaultChar\u0027 property of PCF fonts to set\n the glyph for the undefined character at glyph index 0 (as\n FreeType already does for all other supported font formats). As\n a consequence, the order of glyphs of a PCF font if accessed\n with FreeType can be different now compared to previous\n versions.\n This change doesn\u0027t affect PCF font access with cmaps.\n * `FT_Select_Charmap\u0027 has been changed to allow parameter value\n `FT_ENCODING_NONE\u0027, which is valid for BDF, PCF, and Windows FNT\n formats to access built-in cmaps that don\u0027t have a predefined\n `FT_Encoding\u0027 value.\n * A previously reserved field in the `FT_GlyphSlotRec\u0027 structure\n now holds the glyph index.\n * The usual round of fuzzer bug fixes to better reject malformed\n fonts.\n * `FT_Outline_New_Internal\u0027 and `FT_Outline_Done_Internal\u0027 have\n been removed.These two functions were public by oversight only\n and were never documented.\n * A new function `FT_Error_String\u0027 returns descriptions of error\n codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is\n defined.\n * `FT_Set_MM_WeightVector\u0027 and `FT_Get_MM_WeightVector\u0027 are new\n functions limited to Adobe MultiMaster fonts to directly set and\n get the weight vector.\n\n- Enable subpixel rendering with infinality config:\n\n- Re-enable freetype-config, there is just too many fallouts. \n\n- Update to version 2.9.1\n * Type 1 fonts containing flex features were not rendered\n correctly (bug introduced in version 2.9).\n * CVE-2018-6942: Older FreeType versions can crash with certain\n malformed variation fonts.\n * Bug fix: Multiple calls to `FT_Get_MM_Var\u0027 returned garbage.\n * Emboldening of bitmaps didn\u0027t work correctly sometimes, showing\n various artifacts (bug introduced in version 2.8.1).\n * The auto-hinter script ranges have been updated for Unicode 11.\n No support for new scripts have been added, however, with the\n exception of Georgian Mtavruli.\n- freetype-config is now deprecated by upstream and not enabled\n by default.\n\n- Update to version 2.10.1\n * The `ftmulti\u0027 demo program now supports multiple hidden axes with\n the same name tag.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 got a `-k\u0027 command line option\n to emulate a sequence of keystrokes at start-up.\n * `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 now support screen dumping to a\n PNG file.\n * The bytecode debugger, `ttdebug\u0027, now supports variation TrueType\n fonts; a variation font instance can be selected with the new `-d\u0027\n command line option.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n * The `ftdump\u0027 demo program has new options `-c\u0027 and `-C\u0027 to\n display charmaps in compact and detailed format, respectively.\n Option `-V\u0027 has been removed.\n * The `ftview\u0027, `ftstring\u0027, and `ftgrid\u0027 demo programs use a new\n command line option `-d\u0027 to specify the program window\u0027s width,\n height, and color depth.\n * The `ftview\u0027 demo program now displays red boxes for zero-width\n glyphs.\n * `ftglyph\u0027 has limited support to display fonts with\n color-layered glyphs.This will be improved later on.\n * `ftgrid\u0027 can now display bitmap fonts also.\n * The `ttdebug\u0027 demo program has a new option `-f\u0027 to select a\n member of a TrueType collection (TTC).\n * Other various improvements to the demo programs.\n\n- Remove \u0027Supplements: fonts-config\u0027 to avoid accidentally pulling\n in Qt dependencies on some non-Qt based desktops.(bsc#1091109)\n fonts-config is fundamental but ft2demos seldom installs by end users.\n only fonts-config maintainers/debuggers may use ft2demos along to\n debug some issues. \n\n- Update to version 2.9.1\n * No changelog upstream.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1353,SUSE-SLE-Module-Basesystem-15-SP1-2020-1353",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1353-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1353-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201353-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1353-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006839.html"
},
{
"category": "self",
"summary": "SUSE Bug 1079603",
"url": "https://bugzilla.suse.com/1079603"
},
{
"category": "self",
"summary": "SUSE Bug 1091109",
"url": "https://bugzilla.suse.com/1091109"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6942 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6942/"
}
],
"title": "Security update for freetype2",
"tracking": {
"current_release_date": "2020-05-20T11:02:36Z",
"generator": {
"date": "2020-05-20T11:02:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1353-1",
"initial_release_date": "2020-05-20T11:02:36Z",
"revision_history": [
{
"date": "2020-05-20T11:02:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.10.1-4.3.1.aarch64",
"product": {
"name": "freetype2-devel-2.10.1-4.3.1.aarch64",
"product_id": "freetype2-devel-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ft2demos-2.10.1-4.3.1.aarch64",
"product": {
"name": "ft2demos-2.10.1-4.3.1.aarch64",
"product_id": "ft2demos-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftbench-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftbench-2.10.1-4.3.1.aarch64",
"product_id": "ftbench-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftdiff-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftdiff-2.10.1-4.3.1.aarch64",
"product_id": "ftdiff-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftdump-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftdump-2.10.1-4.3.1.aarch64",
"product_id": "ftdump-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftgamma-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftgamma-2.10.1-4.3.1.aarch64",
"product_id": "ftgamma-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftgrid-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftgrid-2.10.1-4.3.1.aarch64",
"product_id": "ftgrid-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftinspect-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftinspect-2.10.1-4.3.1.aarch64",
"product_id": "ftinspect-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftlint-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftlint-2.10.1-4.3.1.aarch64",
"product_id": "ftlint-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftmulti-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftmulti-2.10.1-4.3.1.aarch64",
"product_id": "ftmulti-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftstring-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftstring-2.10.1-4.3.1.aarch64",
"product_id": "ftstring-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftvalid-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftvalid-2.10.1-4.3.1.aarch64",
"product_id": "ftvalid-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ftview-2.10.1-4.3.1.aarch64",
"product": {
"name": "ftview-2.10.1-4.3.1.aarch64",
"product_id": "ftview-2.10.1-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.10.1-4.3.1.aarch64",
"product": {
"name": "libfreetype6-2.10.1-4.3.1.aarch64",
"product_id": "libfreetype6-2.10.1-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32",
"product": {
"name": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32",
"product_id": "freetype2-devel-64bit-2.10.1-4.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32",
"product": {
"name": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32",
"product_id": "libfreetype6-64bit-2.10.1-4.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.10.1-4.3.1.i586",
"product": {
"name": "freetype2-devel-2.10.1-4.3.1.i586",
"product_id": "freetype2-devel-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ft2demos-2.10.1-4.3.1.i586",
"product": {
"name": "ft2demos-2.10.1-4.3.1.i586",
"product_id": "ft2demos-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftbench-2.10.1-4.3.1.i586",
"product": {
"name": "ftbench-2.10.1-4.3.1.i586",
"product_id": "ftbench-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftdiff-2.10.1-4.3.1.i586",
"product": {
"name": "ftdiff-2.10.1-4.3.1.i586",
"product_id": "ftdiff-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftdump-2.10.1-4.3.1.i586",
"product": {
"name": "ftdump-2.10.1-4.3.1.i586",
"product_id": "ftdump-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftgamma-2.10.1-4.3.1.i586",
"product": {
"name": "ftgamma-2.10.1-4.3.1.i586",
"product_id": "ftgamma-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftgrid-2.10.1-4.3.1.i586",
"product": {
"name": "ftgrid-2.10.1-4.3.1.i586",
"product_id": "ftgrid-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftinspect-2.10.1-4.3.1.i586",
"product": {
"name": "ftinspect-2.10.1-4.3.1.i586",
"product_id": "ftinspect-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftlint-2.10.1-4.3.1.i586",
"product": {
"name": "ftlint-2.10.1-4.3.1.i586",
"product_id": "ftlint-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftmulti-2.10.1-4.3.1.i586",
"product": {
"name": "ftmulti-2.10.1-4.3.1.i586",
"product_id": "ftmulti-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftstring-2.10.1-4.3.1.i586",
"product": {
"name": "ftstring-2.10.1-4.3.1.i586",
"product_id": "ftstring-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftvalid-2.10.1-4.3.1.i586",
"product": {
"name": "ftvalid-2.10.1-4.3.1.i586",
"product_id": "ftvalid-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ftview-2.10.1-4.3.1.i586",
"product": {
"name": "ftview-2.10.1-4.3.1.i586",
"product_id": "ftview-2.10.1-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.10.1-4.3.1.i586",
"product": {
"name": "libfreetype6-2.10.1-4.3.1.i586",
"product_id": "libfreetype6-2.10.1-4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-profile-tti35-2.10.1-4.3.1.noarch",
"product": {
"name": "freetype2-profile-tti35-2.10.1-4.3.1.noarch",
"product_id": "freetype2-profile-tti35-2.10.1-4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.10.1-4.3.1.ppc64le",
"product": {
"name": "freetype2-devel-2.10.1-4.3.1.ppc64le",
"product_id": "freetype2-devel-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ft2demos-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ft2demos-2.10.1-4.3.1.ppc64le",
"product_id": "ft2demos-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftbench-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftbench-2.10.1-4.3.1.ppc64le",
"product_id": "ftbench-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftdiff-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftdiff-2.10.1-4.3.1.ppc64le",
"product_id": "ftdiff-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftdump-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftdump-2.10.1-4.3.1.ppc64le",
"product_id": "ftdump-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftgamma-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftgamma-2.10.1-4.3.1.ppc64le",
"product_id": "ftgamma-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftgrid-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftgrid-2.10.1-4.3.1.ppc64le",
"product_id": "ftgrid-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftinspect-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftinspect-2.10.1-4.3.1.ppc64le",
"product_id": "ftinspect-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftlint-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftlint-2.10.1-4.3.1.ppc64le",
"product_id": "ftlint-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftmulti-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftmulti-2.10.1-4.3.1.ppc64le",
"product_id": "ftmulti-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftstring-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftstring-2.10.1-4.3.1.ppc64le",
"product_id": "ftstring-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftvalid-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftvalid-2.10.1-4.3.1.ppc64le",
"product_id": "ftvalid-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ftview-2.10.1-4.3.1.ppc64le",
"product": {
"name": "ftview-2.10.1-4.3.1.ppc64le",
"product_id": "ftview-2.10.1-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.10.1-4.3.1.ppc64le",
"product": {
"name": "libfreetype6-2.10.1-4.3.1.ppc64le",
"product_id": "libfreetype6-2.10.1-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.10.1-4.3.1.s390x",
"product": {
"name": "freetype2-devel-2.10.1-4.3.1.s390x",
"product_id": "freetype2-devel-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ft2demos-2.10.1-4.3.1.s390x",
"product": {
"name": "ft2demos-2.10.1-4.3.1.s390x",
"product_id": "ft2demos-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftbench-2.10.1-4.3.1.s390x",
"product": {
"name": "ftbench-2.10.1-4.3.1.s390x",
"product_id": "ftbench-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftdiff-2.10.1-4.3.1.s390x",
"product": {
"name": "ftdiff-2.10.1-4.3.1.s390x",
"product_id": "ftdiff-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftdump-2.10.1-4.3.1.s390x",
"product": {
"name": "ftdump-2.10.1-4.3.1.s390x",
"product_id": "ftdump-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftgamma-2.10.1-4.3.1.s390x",
"product": {
"name": "ftgamma-2.10.1-4.3.1.s390x",
"product_id": "ftgamma-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftgrid-2.10.1-4.3.1.s390x",
"product": {
"name": "ftgrid-2.10.1-4.3.1.s390x",
"product_id": "ftgrid-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftinspect-2.10.1-4.3.1.s390x",
"product": {
"name": "ftinspect-2.10.1-4.3.1.s390x",
"product_id": "ftinspect-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftlint-2.10.1-4.3.1.s390x",
"product": {
"name": "ftlint-2.10.1-4.3.1.s390x",
"product_id": "ftlint-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftmulti-2.10.1-4.3.1.s390x",
"product": {
"name": "ftmulti-2.10.1-4.3.1.s390x",
"product_id": "ftmulti-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftstring-2.10.1-4.3.1.s390x",
"product": {
"name": "ftstring-2.10.1-4.3.1.s390x",
"product_id": "ftstring-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftvalid-2.10.1-4.3.1.s390x",
"product": {
"name": "ftvalid-2.10.1-4.3.1.s390x",
"product_id": "ftvalid-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ftview-2.10.1-4.3.1.s390x",
"product": {
"name": "ftview-2.10.1-4.3.1.s390x",
"product_id": "ftview-2.10.1-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.10.1-4.3.1.s390x",
"product": {
"name": "libfreetype6-2.10.1-4.3.1.s390x",
"product_id": "libfreetype6-2.10.1-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "freetype2-devel-2.10.1-4.3.1.x86_64",
"product": {
"name": "freetype2-devel-2.10.1-4.3.1.x86_64",
"product_id": "freetype2-devel-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64",
"product": {
"name": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64",
"product_id": "freetype2-devel-32bit-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ft2demos-2.10.1-4.3.1.x86_64",
"product": {
"name": "ft2demos-2.10.1-4.3.1.x86_64",
"product_id": "ft2demos-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftbench-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftbench-2.10.1-4.3.1.x86_64",
"product_id": "ftbench-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftdiff-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftdiff-2.10.1-4.3.1.x86_64",
"product_id": "ftdiff-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftdump-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftdump-2.10.1-4.3.1.x86_64",
"product_id": "ftdump-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftgamma-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftgamma-2.10.1-4.3.1.x86_64",
"product_id": "ftgamma-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftgrid-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftgrid-2.10.1-4.3.1.x86_64",
"product_id": "ftgrid-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftinspect-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftinspect-2.10.1-4.3.1.x86_64",
"product_id": "ftinspect-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftlint-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftlint-2.10.1-4.3.1.x86_64",
"product_id": "ftlint-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftmulti-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftmulti-2.10.1-4.3.1.x86_64",
"product_id": "ftmulti-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftstring-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftstring-2.10.1-4.3.1.x86_64",
"product_id": "ftstring-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftvalid-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftvalid-2.10.1-4.3.1.x86_64",
"product_id": "ftvalid-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ftview-2.10.1-4.3.1.x86_64",
"product": {
"name": "ftview-2.10.1-4.3.1.x86_64",
"product_id": "ftview-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreetype6-2.10.1-4.3.1.x86_64",
"product": {
"name": "libfreetype6-2.10.1-4.3.1.x86_64",
"product_id": "libfreetype6-2.10.1-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64",
"product": {
"name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64",
"product_id": "libfreetype6-32bit-2.10.1-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.10.1-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64"
},
"product_reference": "freetype2-devel-2.10.1-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.10.1-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le"
},
"product_reference": "freetype2-devel-2.10.1-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.10.1-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x"
},
"product_reference": "freetype2-devel-2.10.1-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freetype2-devel-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64"
},
"product_reference": "freetype2-devel-2.10.1-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.10.1-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64"
},
"product_reference": "libfreetype6-2.10.1-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.10.1-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le"
},
"product_reference": "libfreetype6-2.10.1-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.10.1-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x"
},
"product_reference": "libfreetype6-2.10.1-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64"
},
"product_reference": "libfreetype6-2.10.1-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreetype6-32bit-2.10.1-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64"
},
"product_reference": "libfreetype6-32bit-2.10.1-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-6942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6942"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6942",
"url": "https://www.suse.com/security/cve/CVE-2018-6942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:freetype2-devel-2.10.1-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-2.10.1-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libfreetype6-32bit-2.10.1-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-20T11:02:36Z",
"details": "moderate"
}
],
"title": "CVE-2018-6942"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…