Red Hat Product Errata RHSA-2020:4949 - Security Advisory
Issued:
2020-11-05
Updated:
2020-11-05

RHSA-2020:4949 - Security Advisory

Synopsis

Important: freetype security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for freetype is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

  • freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The X server must be restarted (log out, then log back in) for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

  • BZ - 1890210 - CVE-2020-15999 freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
freetype-2.9.1-4.el8_0.1.src.rpm SHA-256: 6346d01ca91f98da2857dbd6c2c4a2465a75e0eca9b2766d2bbd5a83f1c1339d
ppc64le
freetype-2.9.1-4.el8_0.1.ppc64le.rpm SHA-256: b930819bce0d860f24c3e980cad2ff2c3ecf23f9a5fa3e53efa579cb25e0ad01
freetype-debuginfo-2.9.1-4.el8_0.1.ppc64le.rpm SHA-256: 00462501a83da495523793309174341823c04046825ed6c3acf2bdf0aebac930
freetype-debugsource-2.9.1-4.el8_0.1.ppc64le.rpm SHA-256: 427dcb40e2a8eec35dcc1ef6184a6a51e22eb85718c2e2392a9c8cb2d2d549e5
freetype-demos-debuginfo-2.9.1-4.el8_0.1.ppc64le.rpm SHA-256: 6aef0b2c3ed51728c57bb44bfd63ae30fe860563a1e7bb4808de2d79339c70f6
freetype-devel-2.9.1-4.el8_0.1.ppc64le.rpm SHA-256: bc0f7cfc46681b39d86997fc6c50f08d9a26b1e7202bc07673b8d6eb037b551b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
freetype-2.9.1-4.el8_0.1.src.rpm SHA-256: 6346d01ca91f98da2857dbd6c2c4a2465a75e0eca9b2766d2bbd5a83f1c1339d
x86_64
freetype-2.9.1-4.el8_0.1.i686.rpm SHA-256: e7e9941aa7c07c1e0e9c1c6fc1dfe2284916f67238d2a697ddf8bee90a24de66
freetype-2.9.1-4.el8_0.1.x86_64.rpm SHA-256: d969c0a11140d09a77ca276a1afd0f49e9279a84d6e79f62e1a770eda3380303
freetype-debuginfo-2.9.1-4.el8_0.1.i686.rpm SHA-256: 06a0e9214a0eadc7cffd842924d071e153af625f8768e9f6259baefd71f03500
freetype-debuginfo-2.9.1-4.el8_0.1.x86_64.rpm SHA-256: 0a4ffc7b3821dbc270ee4c37452ee812c3bebfff0a77edb80ae31645c20657ad
freetype-debugsource-2.9.1-4.el8_0.1.i686.rpm SHA-256: 4b60bdebc110380e749c1dac6e06041b9c9e31cc7080dc8c61805214c991394e
freetype-debugsource-2.9.1-4.el8_0.1.x86_64.rpm SHA-256: 5ade9f0d1641900717b3a93f5c7cc3e57ac55e943cbc990fba092d6a4298f6f1
freetype-demos-debuginfo-2.9.1-4.el8_0.1.i686.rpm SHA-256: 62354bd24eafe38267b6ad69792a5da895a3b294125071906f66bfa1b1f9b549
freetype-demos-debuginfo-2.9.1-4.el8_0.1.x86_64.rpm SHA-256: ac5a491dff920fd2de764c73453abe0c1a76faf264aeef4dc7ad7ac07304edb1
freetype-devel-2.9.1-4.el8_0.1.i686.rpm SHA-256: 7d4d5db7333d6bbc4ca35fde4a3acfbfd4eee9815bd3831ebb272fae944e019f
freetype-devel-2.9.1-4.el8_0.1.x86_64.rpm SHA-256: d1d01bdafcfa2a587ea027fa91c69c4dce75550b579443308cdf93c2f8d15bc2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.