Can we remove the `freetype` package from RHEL?
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- freetype
Issue
- Can we remove the `freetype` package to avoid the vulnerability mentioned in CVE-2020-15999 for RHEL7 and RHEL8?
Resolution
The `freetype` package is a dependency of the `grub2` package. So, instead of removing it, update the package to a fixed version, i.e. `freetype-2.8-14.el7_9.1` or a later version.
Root Cause
- The package older than version `freetype-2.8-14.el7_9.1` is affected by the vulnerability CVE-2020-15999 in RHEL7 and RHEL8.
- The `freetype` engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. `freetype` can open and manage font files as well as efficiently load, hint, and render individual glyphs.
Diagnostic Steps
```
Dependencies Resolved
===============================================================================================
 Package              Arch            Version                  Repository                 Size
===============================================================================================
Removing:
 freetype             x86_64          2.4.11-11.el7            @anaconda/7.2             878 k
Removing for dependencies:
 grub2                x86_64          1:2.02-0.29.el7          @anaconda/7.2             7.1 M
 grub2-tools          x86_64          1:2.02-0.29.el7          @anaconda/7.2              20 M

Transaction Summary
===============================================================================================
Remove  1 Package (+2 Dependent packages)

Installed size: 28 M
Is this ok [y/N]:
```
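A check for the Resolution above, as an added example that is not part of the original Red Hat solution: it classifies a RHEL 7 `freetype` version-release against the fixed build named on this page and, on a real host, dry-runs the removal to show the dependency failure without changing anything. The function names are hypothetical, `sort -V` is assumed to stand in for RPM's own version comparison, and only el7 builds are covered because the page gives no RHEL 8 fixed version.

```shell
#!/bin/sh
# Added example: classify a RHEL 7 freetype build against the fixed version.

# Fixed version-release for RHEL 7, taken from the Resolution on this page.
FIXED_EL7="2.8-14.el7_9.1"

# Return 0 if version-release $1 sorts strictly before $2.
# Assumption: GNU `sort -V` ordering approximates RPM version comparison;
# it agrees for the plain numeric version-release strings used here.
vr_older_than() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "vulnerable" or "fixed" for a freetype version-release string.
freetype_status() {
    if vr_older_than "$1" "$FIXED_EL7"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Query the local RPM database and dry-run the removal.
# `rpm -e --test` only reports what would fail; nothing is erased.
check_host() {
    _vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' freetype) || return 2
    echo "freetype $_vr: $(freetype_status "$_vr")"
    echo "Dry-run removal (expect failed dependencies from grub2):"
    rpm -e --test freetype || true
    if [ "$(freetype_status "$_vr")" = vulnerable ]; then
        echo "Next step: yum update freetype"
    fi
}

# Touch the host only when explicitly asked: sh freetype_check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```
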
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.