Mandriva Linux Security Advisory 2010-236 - Multiple vulnerabilities were discovered and corrected in freetype2. An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font. An error exists in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font.
082e3d14d51c0c4429d4ac6085aeee9d68bb604f0f963c33a896c08708daa057-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:236
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freetype2
Date : November 16, 2010
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in freetype2:
An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
when handling the "SHZ" bytecode instruction can be exploited to
cause a crash and potentially execute arbitrary code via a specially
crafted font (CVE-2010-3814).
An error exists in the "ft_var_readpackedpoints()" function in
src/truetype/ttgxvar.c when processing TrueType GX fonts and can
be exploited to cause a heap-based buffer overflow via a specially
crafted font (CVE-2010-3855).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855
http://secunia.com/advisories/41738
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
0f513dab45a0f16a10ccb262c591a29b 2009.0/i586/libfreetype6-2.3.7-1.6mdv2009.0.i586.rpm
3e68fe984797044db4662aaea7043e5d 2009.0/i586/libfreetype6-devel-2.3.7-1.6mdv2009.0.i586.rpm
eddda257a00f7c7ad8546d2a366a4cf6 2009.0/i586/libfreetype6-static-devel-2.3.7-1.6mdv2009.0.i586.rpm
d3d00802f5a9f8d55ff93d4a52dd688c 2009.0/SRPMS/freetype2-2.3.7-1.6mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
13c5119d8dfc4083d04721db113c63ea 2009.0/x86_64/lib64freetype6-2.3.7-1.6mdv2009.0.x86_64.rpm
4f7ae5925648e4075f86ff92b585f79b 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.6mdv2009.0.x86_64.rpm
9fb5c35fcf406d9c67cf33761afba2c6 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.6mdv2009.0.x86_64.rpm
d3d00802f5a9f8d55ff93d4a52dd688c 2009.0/SRPMS/freetype2-2.3.7-1.6mdv2009.0.src.rpm
Mandriva Linux 2010.0:
e58fd78a9c1a360d9835c1fa7523348a 2010.0/i586/libfreetype6-2.3.11-1.5mdv2010.0.i586.rpm
90d269a594a134659ee5484a624ceec9 2010.0/i586/libfreetype6-devel-2.3.11-1.5mdv2010.0.i586.rpm
464fdcfbaa4692ff68ef046387ca812e 2010.0/i586/libfreetype6-static-devel-2.3.11-1.5mdv2010.0.i586.rpm
2437d79143005ecefd9a2dc68eead49e 2010.0/SRPMS/freetype2-2.3.11-1.5mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
990e0f8f9c48ecc8742627e332d10b1d 2010.0/x86_64/lib64freetype6-2.3.11-1.5mdv2010.0.x86_64.rpm
de925c563f99b740e92da35731391ef5 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.5mdv2010.0.x86_64.rpm
e0366af7b4cff9c34401327a75995cf1 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.5mdv2010.0.x86_64.rpm
2437d79143005ecefd9a2dc68eead49e 2010.0/SRPMS/freetype2-2.3.11-1.5mdv2010.0.src.rpm
Mandriva Linux 2010.1:
01f6fbfe44fc14e3d722cfcb71c586df 2010.1/i586/libfreetype6-2.3.12-1.5mdv2010.1.i586.rpm
d31b39ca425c3e0d8451846f72a7c689 2010.1/i586/libfreetype6-devel-2.3.12-1.5mdv2010.1.i586.rpm
f23ba4780eb8a76db9bc150ef483908f 2010.1/i586/libfreetype6-static-devel-2.3.12-1.5mdv2010.1.i586.rpm
25686c4566e01ee72bdd430c1f1f8cf4 2010.1/SRPMS/freetype2-2.3.12-1.5mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
718089405b4c06c26ca35b943003f20f 2010.1/x86_64/lib64freetype6-2.3.12-1.5mdv2010.1.x86_64.rpm
c5c9aa34d66e26f966038102a784e0ef 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.5mdv2010.1.x86_64.rpm
ce2da681b1b8b741c4c095fde5a86588 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.5mdv2010.1.x86_64.rpm
25686c4566e01ee72bdd430c1f1f8cf4 2010.1/SRPMS/freetype2-2.3.12-1.5mdv2010.1.src.rpm
Mandriva Enterprise Server 5:
25b4a3057e313046cc9d2e26f5ba362b mes5/i586/libfreetype6-2.3.7-1.6mdvmes5.1.i586.rpm
5efa3b889126e463458ced59bbf8af5c mes5/i586/libfreetype6-devel-2.3.7-1.6mdvmes5.1.i586.rpm
f00793f1397da865668b4d1492256c26 mes5/i586/libfreetype6-static-devel-2.3.7-1.6mdvmes5.1.i586.rpm
98f415cf6b6882d33c5ba10cc0187ad7 mes5/SRPMS/freetype2-2.3.7-1.6mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
d0d498a0b58b69bbd08f589c63bbd6ab mes5/x86_64/lib64freetype6-2.3.7-1.6mdvmes5.1.x86_64.rpm
7818f1757da1c3c9aab94d0d8ff6d96a mes5/x86_64/lib64freetype6-devel-2.3.7-1.6mdvmes5.1.x86_64.rpm
bfd7ba00ded60ba19982eeea50300d73 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.6mdvmes5.1.x86_64.rpm
98f415cf6b6882d33c5ba10cc0187ad7 mes5/SRPMS/freetype2-2.3.7-1.6mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM4kfGmqjQ0CJFipgRApurAJoDuQb9vZP5S30jMNfuhtkrTmh9LwCgsBnG
HLE1mP7DpvGt1xv6/0j3guA=
=CQ3P
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed