The Slackware Linux Project: Slackware Security Advisories

Slackware Security Advisories

News

Security Advisories

FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact
Mailing Lists

About

From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] freetype (SSA:2025-074-01)
Date: Sat, 15 Mar 2025 12:53:26 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  freetype (SSA:2025-074-01)

New freetype packages are available for Slackware 15.0 to fix a security issue.


Here are the details from the Slackware 15.0 ChangeLog:
patches/packages/freetype-2.13.3-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  An out of bounds write exists in FreeType versions 2.13.0 and below (newer
  versions of FreeType are not vulnerable) when attempting to parse font
  subglyph structures related to TrueType GX and variable font files. The
  vulnerable code assigns a signed short value to an unsigned long and then
  adds a static value causing it to wrap around and allocate too small of a
  heap buffer. The code then writes up to 6 signed long integers out of bounds
  relative to this buffer. This may result in arbitrary code execution.
  This vulnerability may have been exploited in the wild.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27363
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/freetype-2.13.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/freetype-2.13.3-x86_64-1_slack15.0.txz


MD5 signatures:
+-------------+

Slackware 15.0 package:
e5e69552b4e2cf8b8f84e2592596adb7  freetype-2.13.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
ce1672fa23e14303ba3840946410febf  freetype-2.13.3-x86_64-1_slack15.0.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg freetype-2.13.3-i586-1_slack15.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTsVknaQB4iq/pnNu9qRGPAQBAiMwUCZ9XZ2gAKCRBqRGPAQBAi
MzA/AJ9BSz5LWs4QYGNUfHGLFxuB8z2lHQCdHvqbTuFgLL0WqPrzUvg8X5emYYY=
=C2UG
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.