Mandriva Linux Security Advisory 2010-201 - Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library, it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797.
cf77ad478e89a3ba2c6046a48e6f32429662f19ea59b6368bbb43895bb0b789e-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:201
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freetype2
Date : October 13, 2010
Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in freetype2:
Marc Schoenefeld found an input stream position error in the way
FreeType font rendering engine processed input file streams. If
a user loaded a specially-crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or, possibly execute arbitrary code (integer
overflow leading to heap-based buffer overflow in the libXft library)
with the privileges of the user running the application. Different
vulnerability than CVE-2010-1797 (CVE-2010-3311).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
248523a7d7a2c3d6a85cb88513f3a830 2009.0/i586/libfreetype6-2.3.7-1.5mdv2009.0.i586.rpm
d732b628d679e6c1f1825fc8651dbba4 2009.0/i586/libfreetype6-devel-2.3.7-1.5mdv2009.0.i586.rpm
eba4f60c32555f0cccee21bd1604ecdd 2009.0/i586/libfreetype6-static-devel-2.3.7-1.5mdv2009.0.i586.rpm
9a95af00a0336bbd89965d410ecf7dbf 2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
30127aa3b8f70207269911dc74d5d1f6 2009.0/x86_64/lib64freetype6-2.3.7-1.5mdv2009.0.x86_64.rpm
3b6020558fbaf3651ff7c3ca13f1b7dc 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.5mdv2009.0.x86_64.rpm
0f572c7db1071b843ef103226f058bf8 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdv2009.0.x86_64.rpm
9a95af00a0336bbd89965d410ecf7dbf 2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm
Mandriva Linux 2009.1:
06b12f4db64361f3d7b749ea97b23573 2009.1/i586/libfreetype6-2.3.9-1.6mdv2009.1.i586.rpm
bfe315852b8d3e9595796f9c9933694f 2009.1/i586/libfreetype6-devel-2.3.9-1.6mdv2009.1.i586.rpm
2b493d1661300189e5551acf31822088 2009.1/i586/libfreetype6-static-devel-2.3.9-1.6mdv2009.1.i586.rpm
2a72ac2132ed6513dd1b2f93e06364fe 2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
9b0158596861029412f697767cfce475 2009.1/x86_64/lib64freetype6-2.3.9-1.6mdv2009.1.x86_64.rpm
9389f0616c2633adec3ee5dc0788d0d3 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.6mdv2009.1.x86_64.rpm
da638cb0fc6f198e195fefc94ae4d052 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.6mdv2009.1.x86_64.rpm
2a72ac2132ed6513dd1b2f93e06364fe 2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm
Mandriva Linux 2010.0:
81e94386ee8cd6641a46dce9df0efcae 2010.0/i586/libfreetype6-2.3.11-1.4mdv2010.0.i586.rpm
e585d63da11b17c74f456ea97368ae97 2010.0/i586/libfreetype6-devel-2.3.11-1.4mdv2010.0.i586.rpm
6f08eacbc92f4b8ea2e2880c97890f9e 2010.0/i586/libfreetype6-static-devel-2.3.11-1.4mdv2010.0.i586.rpm
a1cb1cc205c73df55e5576c3d53dfe5b 2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
8bb4d116a20020735920acdef6edb36c 2010.0/x86_64/lib64freetype6-2.3.11-1.4mdv2010.0.x86_64.rpm
3e71bd23288d28261e6494389a945c8d 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.4mdv2010.0.x86_64.rpm
7c720ab93b651535c31fa51ff7a4062d 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.4mdv2010.0.x86_64.rpm
a1cb1cc205c73df55e5576c3d53dfe5b 2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm
Mandriva Linux 2010.1:
be9c8f1b5cd2f417f0ae646bc8cbc0f2 2010.1/i586/libfreetype6-2.3.12-1.4mdv2010.1.i586.rpm
87165bb194725472642623489e13c3d2 2010.1/i586/libfreetype6-devel-2.3.12-1.4mdv2010.1.i586.rpm
f6b9da29780ed1c3d4192a2de2df965a 2010.1/i586/libfreetype6-static-devel-2.3.12-1.4mdv2010.1.i586.rpm
8f9e6f8272bdd85b655f77c3bc0f1186 2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
426a77c1681ccb983b4421025a705622 2010.1/x86_64/lib64freetype6-2.3.12-1.4mdv2010.1.x86_64.rpm
8847d5d1a4aa7a007e97e60dc638fcb1 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.4mdv2010.1.x86_64.rpm
1d61007c529ec3775d30fd417829590a 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.4mdv2010.1.x86_64.rpm
8f9e6f8272bdd85b655f77c3bc0f1186 2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm
Corporate 4.0:
c86147b513f4c157f6790a2e4ada0fd2 corporate/4.0/i586/libfreetype6-2.1.10-9.13.20060mlcs4.i586.rpm
a9fa44acaef91683cad125612df13c92 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.13.20060mlcs4.i586.rpm
a4aae0884a8a56d305a15b3d46f42cee corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.13.20060mlcs4.i586.rpm
0a1de080fd2d95e2bfd3a89f3e941742 corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
f38670ff2950f26aca44a5aae5668487 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.13.20060mlcs4.x86_64.rpm
23de0669bb0c18c43ca3f4c4143a2a45 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm
487f9047aa914a9ff87fe4642e1dea9f corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm
0a1de080fd2d95e2bfd3a89f3e941742 corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
f990681b978c21632695ce8026e00e7f mes5/i586/libfreetype6-2.3.7-1.5mdvmes5.1.i586.rpm
4b46a043a230f88dbd8df174ce52bf61 mes5/i586/libfreetype6-devel-2.3.7-1.5mdvmes5.1.i586.rpm
4520f9874288317c70d769b22f36cb72 mes5/i586/libfreetype6-static-devel-2.3.7-1.5mdvmes5.1.i586.rpm
e9b104e41904bf0e23fd551ad7537696 mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
d6c2911551cc1cc010b0b64e8e0b842b mes5/x86_64/lib64freetype6-2.3.7-1.5mdvmes5.1.x86_64.rpm
d772a09bece742077abae2a96a2f7ebd mes5/x86_64/lib64freetype6-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm
d0ecc6df23b6aa94fdaf945756d47ccd mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm
e9b104e41904bf0e23fd551ad7537696 mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMtcWRmqjQ0CJFipgRAgQgAJ4+cTAwi6mX+HqQDY6h4R8SF5RWUwCgmD44
+a5z4ffWY3Qm4BrHauRwMnA=
=TX/N
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed