Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2010:201 ] freetype2
From: security () mandriva com
Date: Wed, 13 Oct 2010 20:13:01 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:201
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : October 13, 2010
 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in freetype2:
 
 Marc Schoenefeld found an input stream position error in the way
 FreeType font rendering engine processed input file streams. If
 a user loaded a specially-crafted font file with an application
 linked against FreeType and relevant font glyphs were subsequently
 rendered with the X FreeType library (libXft), it could cause the
 application to crash or, possibly execute arbitrary code (integer
 overflow leading to heap-based buffer overflow in the libXft library)
 with the privileges of the user running the application. Different
 vulnerability than CVE-2010-1797 (CVE-2010-3311).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 248523a7d7a2c3d6a85cb88513f3a830  2009.0/i586/libfreetype6-2.3.7-1.5mdv2009.0.i586.rpm
 d732b628d679e6c1f1825fc8651dbba4  2009.0/i586/libfreetype6-devel-2.3.7-1.5mdv2009.0.i586.rpm
 eba4f60c32555f0cccee21bd1604ecdd  2009.0/i586/libfreetype6-static-devel-2.3.7-1.5mdv2009.0.i586.rpm 
 9a95af00a0336bbd89965d410ecf7dbf  2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 30127aa3b8f70207269911dc74d5d1f6  2009.0/x86_64/lib64freetype6-2.3.7-1.5mdv2009.0.x86_64.rpm
 3b6020558fbaf3651ff7c3ca13f1b7dc  2009.0/x86_64/lib64freetype6-devel-2.3.7-1.5mdv2009.0.x86_64.rpm
 0f572c7db1071b843ef103226f058bf8  2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdv2009.0.x86_64.rpm 
 9a95af00a0336bbd89965d410ecf7dbf  2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 06b12f4db64361f3d7b749ea97b23573  2009.1/i586/libfreetype6-2.3.9-1.6mdv2009.1.i586.rpm
 bfe315852b8d3e9595796f9c9933694f  2009.1/i586/libfreetype6-devel-2.3.9-1.6mdv2009.1.i586.rpm
 2b493d1661300189e5551acf31822088  2009.1/i586/libfreetype6-static-devel-2.3.9-1.6mdv2009.1.i586.rpm 
 2a72ac2132ed6513dd1b2f93e06364fe  2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9b0158596861029412f697767cfce475  2009.1/x86_64/lib64freetype6-2.3.9-1.6mdv2009.1.x86_64.rpm
 9389f0616c2633adec3ee5dc0788d0d3  2009.1/x86_64/lib64freetype6-devel-2.3.9-1.6mdv2009.1.x86_64.rpm
 da638cb0fc6f198e195fefc94ae4d052  2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.6mdv2009.1.x86_64.rpm 
 2a72ac2132ed6513dd1b2f93e06364fe  2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 81e94386ee8cd6641a46dce9df0efcae  2010.0/i586/libfreetype6-2.3.11-1.4mdv2010.0.i586.rpm
 e585d63da11b17c74f456ea97368ae97  2010.0/i586/libfreetype6-devel-2.3.11-1.4mdv2010.0.i586.rpm
 6f08eacbc92f4b8ea2e2880c97890f9e  2010.0/i586/libfreetype6-static-devel-2.3.11-1.4mdv2010.0.i586.rpm 
 a1cb1cc205c73df55e5576c3d53dfe5b  2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 8bb4d116a20020735920acdef6edb36c  2010.0/x86_64/lib64freetype6-2.3.11-1.4mdv2010.0.x86_64.rpm
 3e71bd23288d28261e6494389a945c8d  2010.0/x86_64/lib64freetype6-devel-2.3.11-1.4mdv2010.0.x86_64.rpm
 7c720ab93b651535c31fa51ff7a4062d  2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.4mdv2010.0.x86_64.rpm 
 a1cb1cc205c73df55e5576c3d53dfe5b  2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 be9c8f1b5cd2f417f0ae646bc8cbc0f2  2010.1/i586/libfreetype6-2.3.12-1.4mdv2010.1.i586.rpm
 87165bb194725472642623489e13c3d2  2010.1/i586/libfreetype6-devel-2.3.12-1.4mdv2010.1.i586.rpm
 f6b9da29780ed1c3d4192a2de2df965a  2010.1/i586/libfreetype6-static-devel-2.3.12-1.4mdv2010.1.i586.rpm 
 8f9e6f8272bdd85b655f77c3bc0f1186  2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 426a77c1681ccb983b4421025a705622  2010.1/x86_64/lib64freetype6-2.3.12-1.4mdv2010.1.x86_64.rpm
 8847d5d1a4aa7a007e97e60dc638fcb1  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.4mdv2010.1.x86_64.rpm
 1d61007c529ec3775d30fd417829590a  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.4mdv2010.1.x86_64.rpm 
 8f9e6f8272bdd85b655f77c3bc0f1186  2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm

 Corporate 4.0:
 c86147b513f4c157f6790a2e4ada0fd2  corporate/4.0/i586/libfreetype6-2.1.10-9.13.20060mlcs4.i586.rpm
 a9fa44acaef91683cad125612df13c92  corporate/4.0/i586/libfreetype6-devel-2.1.10-9.13.20060mlcs4.i586.rpm
 a4aae0884a8a56d305a15b3d46f42cee  corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.13.20060mlcs4.i586.rpm 
 0a1de080fd2d95e2bfd3a89f3e941742  corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f38670ff2950f26aca44a5aae5668487  corporate/4.0/x86_64/lib64freetype6-2.1.10-9.13.20060mlcs4.x86_64.rpm
 23de0669bb0c18c43ca3f4c4143a2a45  corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm
 487f9047aa914a9ff87fe4642e1dea9f  corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm 
 0a1de080fd2d95e2bfd3a89f3e941742  corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 f990681b978c21632695ce8026e00e7f  mes5/i586/libfreetype6-2.3.7-1.5mdvmes5.1.i586.rpm
 4b46a043a230f88dbd8df174ce52bf61  mes5/i586/libfreetype6-devel-2.3.7-1.5mdvmes5.1.i586.rpm
 4520f9874288317c70d769b22f36cb72  mes5/i586/libfreetype6-static-devel-2.3.7-1.5mdvmes5.1.i586.rpm 
 e9b104e41904bf0e23fd551ad7537696  mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 d6c2911551cc1cc010b0b64e8e0b842b  mes5/x86_64/lib64freetype6-2.3.7-1.5mdvmes5.1.x86_64.rpm
 d772a09bece742077abae2a96a2f7ebd  mes5/x86_64/lib64freetype6-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm
 d0ecc6df23b6aa94fdaf945756d47ccd  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm 
 e9b104e41904bf0e23fd551ad7537696  mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMtcWRmqjQ0CJFipgRAgQgAJ4+cTAwi6mX+HqQDY6h4R8SF5RWUwCgmD44
+a5z4ffWY3Qm4BrHauRwMnA=
=TX/N
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2010:201 ] freetype2 security (Oct 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault