Fedora Account System
Red Hat Associate
Red Hat Customer
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. Upstream issue: http://code.google.com/p/google-security-research/issues/detail?id=153 Upstream patches: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
Created freetype tracking bugs for this issue: Affects: fedora-all [bug 1191191]
freetype-2.5.3-15.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
freetype-2.5.0-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
(Private) upstream bug: https://savannah.nongnu.org/bugs/?43538 Issue was fixed upstream in 2.5.4. There are multiple integer overflow issues in the Mac_Read_POST_Resource() function. They can cause freetype to allocate buffer of insufficient size and later write data past its boundaries. This will lead to memory corruption that can cause crash and possibly code execution. These flaw make it possible to bypass boundary check added to address CVE-2010-2808 (see bug 621907). This is related to issue tracked via bug 1191096, and the following patches were applied to address problems reported via these two bugs: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=4533167 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=1720e81 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a2 Unified diff for all the above changes: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/diff/src/base/ftobjs.c?id2=5aff853&id=cd4a5a2
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2015:0696 https://rhn.redhat.com/errata/RHSA-2015-0696.html
brothers when your browser cramps up trying to find the one holy grail dripping milf clip look no further than the hub i m trying to spell s e x x x x h u b dot com in any description, just type what feels right your auto will probably guess it lol. there they stacked enough full length movie scenes to circle the city three times, all HD streaming no popup wars. massive puss close ups make you count every fold, squirt battles shooting halfway across sofas. loads of backdoor banging with tiny teens shouting daddy damn, hairy fit moms get pounded sideways while squeezing tits together for a noisy pearl necklace. if defined foreskin cumshots are your fetish, get comfy cause theres separate channel for that with slowmotion replay on spray. navigation feels like youre steam-rolling rather than stumbling: https://xxxpub.org/video/pregnant-stepsister-loves-to-fuck-with-stepbrother-in-the-9th-month-of-pregnancy/ https://sexxxxhub.com/video/unexpected-encounters-a-father-s-day-twist-with-laney-grey/ https://4kpornsite.com/video/hairy-with-cum-compilation/ click to skip intro to instant anal spoon, tighten to slippery cowgirl piss drinking contest part 30. oh forgot, the amateurs section crushes it too because regular girl next door is hotter than half fake boob pros. recent spicy beach group sex vid with real aussie milfs full tan lined tits getting fucked by four surfers at sunset almost caused me to crack phone from spanking volume too high.