Debian: CVE-2022-27404: freetype: Some commits can cause heap buffer overflows

Bug #1986485 reported by Wentao Zhang
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Wentao Zhang

Bug Description

Title
-----
CVE-2022-27404: Some commits can cause heap buffer overflows.

Brief Description
-----------------
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

Red Hat's analysis is here: https://access.redhat.com/security/cve/CVE-2022-27404

NIST is here: https://nvd.nist.gov/vuln/detail/CVE-2022-27404

Severity
--------
<Minor: System/Feature is usable with minor issue>

Wentao Zhang (wzhang4)
information type: Private Security → Public Security
OpenStack Infra (hudson-openstack) wrote: Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/853117

Changed in starlingx:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote: Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/853117
Committed: https://opendev.org/starlingx/tools/commit/c14bc3db59370ed138be94209584bd2dedf6f932
Submitter: "Zuul (22348)"
Branch: master

commit c14bc3db59370ed138be94209584bd2dedf6f932
Author: Wentao Zhang <email address hidden>
Date: Mon Aug 15 11:25:51 2022 +0800

    Debian: libfreetype6: fix CVE-2022-27404

    Upgrade libfreetype6 to the version in which CVE-2022-1664 has been fixed:

    libfreetype6_2.10.4+dfsg-1_amd64.deb to
    libfreetype6_2.10.4+dfsg-1+deb11u1_amd64.deb

    (Refer to https://security-tracker.debian.org/tracker/CVE-2022-27404)

    This fix provides the URL of the package in base-bullseye.lst to
    make sure that the binary package can be downloaded no matter how
    the upstream changes.

    Closes-bug: 1986485
    Signed-off-by: Wentao Zhang <email address hidden>
    Change-Id: I4fc5fa0e71f5f8708ec157fc57c45585bc55e373

Changed in starlingx:
status: In Progress → Fix Released
Wentao Zhang (wzhang4)
Changed in starlingx:
assignee: nobody → Wentao Zhang (wzhang4)
Ghada Khalil (gkhalil)
tags: added: stx.8.0 stx.security
summary: - CVE-2022-27404:Some commits can cause heap buffer overflows.
+ Debian: CVE-2022-27404: Some commits can cause heap buffer overflows
tags: added: stx.debian
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Medium
Ghada Khalil (gkhalil) wrote: Re: Debian: CVE-2022-27404: Some commits can cause heap buffer overflows

Re-opening this LP as it appears the above commit was reverted: https://review.opendev.org/c/starlingx/tools/+/856390

Changed in starlingx:
status: Fix Released → Triaged
summary: - Debian: CVE-2022-27404: Some commits can cause heap buffer overflows
+ Debian: CVE-2022-27404: freetype: Some commits can cause heap buffer overflows
OpenStack Infra (hudson-openstack) wrote: Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/862549

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote: Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/862549
Committed: https://opendev.org/starlingx/tools/commit/ec489a9c712b79126e0badca7d066bcf3ed2d099
Submitter: "Zuul (22348)"
Branch: master

commit ec489a9c712b79126e0badca7d066bcf3ed2d099
Author: Yue Tao <email address hidden>
Date: Tue Oct 25 10:56:15 2022 +0800

    Debian: freetype: fix CVE-2022-27404/CVE-2022-27405/CVE-2022-27406

    Upgrade libfreetype6 to:

    libfreetype6_2.10.4+dfsg-1+deb11u1_amd64.deb

    Refer to:
    https://security-tracker.debian.org/tracker/CVE-2022-27404
    https://security-tracker.debian.org/tracker/CVE-2022-27405
    https://security-tracker.debian.org/tracker/CVE-2022-27406

    Also align the version of libfreetype6-dev and libfreetype-dev with
    libfreetype6, because they are the build dependencies of grub2.

    Test Plan:

    Pass: build all
    Pass: boot

    Closes-bug: 1986485

    Signed-off-by: Yue Tao <email address hidden>
    Change-Id: Ib2ceeeeed585b93940403f4f6e2f454ac06a5d10

Changed in starlingx:
status: In Progress → Fix Released