Issued:: 2025-03-31
Updated:: 2025-03-31

RHSA-2025:3393 - Security Advisory

Overview
Updated Packages

Synopsis

Important: freetype security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for freetype is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2351357 - CVE-2025-27363 freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files

CVEs

CVE-2025-27363

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
freetype-2.9.1-5.el8_2.1.src.rpm	SHA-256: 04d26b433bb9217752354a4a1bc0deec08ca4a2799e28ee4e2bbe8047e837322
x86_64
freetype-2.9.1-5.el8_2.1.i686.rpm	SHA-256: 77c9fcc81a73b4446fafd99ecac909e653e8f9936a6d6aa6956a1c9d24e7b1fe
freetype-2.9.1-5.el8_2.1.x86_64.rpm	SHA-256: dc90a86d203a88f41c632619b07140441cdb7959b4e83614c601ced8de668e1f
freetype-debuginfo-2.9.1-5.el8_2.1.i686.rpm	SHA-256: 5e12d1ea0e68fe6931f1e2efaad3b259ab8a30d6119736bc700ea20c561bdd02
freetype-debuginfo-2.9.1-5.el8_2.1.x86_64.rpm	SHA-256: c61bb730ac61cdd3c5f06d486ed0ef5c5b121372e1944854e62acf04bc3bf03b
freetype-debugsource-2.9.1-5.el8_2.1.i686.rpm	SHA-256: 21878003e1f6d961870dd85e494e4abaffe46c33afb9f40aa08f00459abf7b17
freetype-debugsource-2.9.1-5.el8_2.1.x86_64.rpm	SHA-256: 15a5c293d9b6ebd02c0cbca6f4dd17f7e4cb924e6a9cfe2251e479071f374c1c
freetype-demos-debuginfo-2.9.1-5.el8_2.1.i686.rpm	SHA-256: 6da51515420ceb41f6439d1ba1f96d4191525072481a2042b321ad99d71ecc65
freetype-demos-debuginfo-2.9.1-5.el8_2.1.x86_64.rpm	SHA-256: 88ec247a9790e920b377f25aa782db500558dd8fc2c62853d6f6a7ccca6bc2d2
freetype-devel-2.9.1-5.el8_2.1.i686.rpm	SHA-256: 1fccd8551d33f0ad4f0bc740524f1eda1466b94b1ac980c33a5c14fdbb3063c5
freetype-devel-2.9.1-5.el8_2.1.x86_64.rpm	SHA-256: 90172782411247e2ca0e49b24af1f34fe8339420d170ef909973d38f7e196e14

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation