[Bug 1191192] New: CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font

List overview All Threads
Download

newer

older

[Bug 1191190] New: CVE-2014-9674...

[Bug 1191094] New: CVE-2014-9671...

Red Hat Bugzilla

10 Feb 2015 10 Feb '15

8:21 a.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Bug ID: 1191192 Summary: CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mprpic@redhat.com CC: behdad@fedoraproject.org, fonts-bugs@lists.fedoraproject.org, kevin@tigcc.ticalc.org, mkasik@redhat.com

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Upstream issue:

http://code.google.com/p/google-security-research/issues/detail?id=151

Upstream patch:

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30...

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=FHyVs5R36A&a=cc_unsubscribe

Show replies by date

Red Hat Bugzilla

10 Feb 10 Feb

8:22 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1191102

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=o6R4QZeGpZ&a=cc_unsubscribe

Red Hat Bugzilla

8:22 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1191193

--- Comment #1 from Martin Prpic mprpic@redhat.com ---

Created freetype tracking bugs for this issue:

Affects: fedora-all [bug 1191193]

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1191193 [Bug 1191193] CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font [fedora-all]

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qIQVztKWqB&a=cc_unsubscribe

Red Hat Bugzilla

19 Feb 19 Feb

10 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font

https://bugzilla.redhat.com/show_bug.cgi?id=1191192 Bug 1191192 depends on bug 1191193, which changed state.

Bug 1191193 Summary: CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1191193

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NoFpzFWVcg&a=cc_unsubscribe

Red Hat Bugzilla

10:01 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

--- Comment #2 from Fedora Update System updates@fedoraproject.org --- freetype-2.5.3-15.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ix8BLcjlZT&a=cc_unsubscribe

Red Hat Bugzilla

20 Feb 20 Feb

12:30 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

--- Comment #3 from Fedora Update System updates@fedoraproject.org --- freetype-2.5.0-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NBvIl6ACPZ&a=cc_unsubscribe

Red Hat Bugzilla

24 Feb 24 Feb

5:25 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Tomas Hoger thoger@redhat.com changed:

--- Comment #4 from Tomas Hoger thoger@redhat.com --- Upstream bug is: https://savannah.nongnu.org/bugs/?43535

Issue was fixed upstream in 2.5.4.

This issue possibly leads to disclosure of portion of process memory. Leaked information is heap pointer, so it may provide information to bypass address space layout randomization (ASLR) and hence make it easier to exploit other flaws in the application.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LRG6RRrTEu&a=cc_unsubscribe

Red Hat Bugzilla

2 Mar 2 Mar

6:10 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1197737

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=hs6qSQ8POz&a=cc_unsubscribe

Red Hat Bugzilla

6:11 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1197738

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=O3wIK5QWPG&a=cc_unsubscribe

Red Hat Bugzilla

6:11 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1197739

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=4ZoWh1Ebpt&a=cc_unsubscribe

Red Hat Bugzilla

6:11 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1197740

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Xd3MFdWCFH&a=cc_unsubscribe

Red Hat Bugzilla

17 Mar 17 Mar

10:59 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

--- Comment #7 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:

Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7

Via RHSA-2015:0696 https://rhn.redhat.com/errata/RHSA-2015-0696.html

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=WvmaaG5epO&a=cc_unsubscribe

Red Hat Bugzilla

18 Mar 18 Mar

12:40 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Tomas Hoger thoger@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AfcwnycSzS&a=cc_unsubscribe

Red Hat Bugzilla

19 Mar 19 Mar

1:50 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Ján Rusnačko jrusnack@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=WBzCCH212r&a=cc_unsubscribe

Red Hat Bugzilla

15 Oct 15 Oct

2:50 p.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Vincent Danen vdanen@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3keZgMdrtp&a=cc_unsubscribe

Red Hat Bugzilla

25 Nov 25 Nov

2:29 a.m.

New subject: [Bug 1191192] CVE-2014-9675 freetype: information leak in _bdf_add_property()

https://bugzilla.redhat.com/show_bug.cgi?id=1191192

Ján Rusnačko jrusnack@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=p0QjuSZmIK&a=cc_unsubscribe

3138

Age (days ago)

3426

Last active (days ago)

fonts-bugs@lists.fedoraproject.org

15 comments

1 participants

tags (0)

participants (1)

Red Hat Bugzilla