Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2020.1353.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:1353-1)
Summary:The remote host is missing an update for the 'freetype2' package(s) announced via the SUSE-SU-2020:1353-1 advisory.
Description:Summary:
The remote host is missing an update for the 'freetype2' package(s) announced via the SUSE-SU-2020:1353-1 advisory.

Vulnerability Insight:
This update for freetype2 to version 2.10.1 fixes the following issues:

Security issue fixed:

CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c
(bsc#1079603).

Non-security issues fixed:

Update to version 2.10.1
* The bytecode hinting of OpenType variation fonts was flawed, since the
data in the `CVAR' table wasn't correctly applied.
* Auto-hinter support for Mongolian.
* The handling of the default character in PCF fonts as introduced in
version 2.10.0 was partially broken, causing premature abortion
of charmap iteration for many fonts.
* If `FT_Set_Named_Instance' was called with the same arguments
twice in a row, the function returned an incorrect error code the
second time.
* Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
introduced in version 2.10.0).
* Increased precision while computing OpenType font variation
instances.
* The flattening algorithm of cubic Bezier curves was slightly
changed to make it faster. This can cause very subtle rendering
changes, which aren't noticeable by the eye, however.
* The auto-hinter now disables hinting if there are blue zones
defined for a `style' (i.e., a certain combination of a script and its
related typographic features) but the font doesn't contain any
characters needed to set up at least one blue zone.

Add tarball signatures and freetype2.keyring

Update to version 2.10.0
* A bunch of new functions has been added to access and process
COLR/CPAL data of OpenType fonts with color-layered glyphs.
* As a GSoC 2018 project, Nikhil Ramakrishnan completely
overhauled and modernized the API reference.
* The logic for computing the global ascender, descender, and height of
OpenType fonts has been slightly adjusted for consistency.
* `TT_Set_MM_Blend' could fail if called repeatedly with the same
arguments.
* The precision of handling deltas in Variation Fonts has been
increased.The problem did only show up with multidimensional
designspaces.
* New function `FT_Library_SetLcdGeometry' to set up the geometry
of LCD subpixels.
* FreeType now uses the `defaultChar' property of PCF fonts to set the
glyph for the undefined character at glyph index 0 (as FreeType
already does for all other supported font formats). As a consequence,
the order of glyphs of a PCF font if accessed with FreeType can be
different now compared to previous versions. This change doesn't
affect PCF font access with cmaps.
* `FT_Select_Charmap' has been changed to allow parameter value
`FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
formats to access built-in cmaps that don't have a predefined
`FT_Encoding' value.
* A previously reserved field in the `FT_GlyphSlotRec' structure now
holds the glyph index.
* The usual round of fuzzer bug fixes to better reject malformed fonts.
* `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been
removed.These two functions were... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'freetype2' package(s) on SUSE Linux Enterprise Module for Basesystem 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-6942
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
https://www.oracle.com/security-alerts/cpuapr2020.html
SuSE Security Announcement: openSUSE-SU-2020:0704 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html
https://usn.ubuntu.com/3572-1/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.