-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:057
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : April 12, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple flaws were found in FreeType. Specially crafted files
 could cause application crashes or potentially execute arbitrary
 code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,
 CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,
 CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,
 CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,
 CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 27ac5c46bbcaee8f960d654b08c620c3  2010.1/i586/freetype2-demos-2.3.12-1.9mdv2010.2.i586.rpm
 d2d6c24a4614ff3b838cd082c4487da6  2010.1/i586/libfreetype6-2.3.12-1.9mdv2010.2.i586.rpm
 613f7d3ac7de3f5eee9b1dc925d37816  2010.1/i586/libfreetype6-devel-2.3.12-1.9mdv2010.2.i586.rpm
 002b002cde3335b8c16875543886fd92  2010.1/i586/libfreetype6-static-devel-2.3.12-1.9mdv2010.2.i586.rpm
 0d6c1904469c22a77428c4323bc9ce59  2010.1/SRPMS/freetype2-2.3.12-1.9mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 fa720ee6e2ba28b1e3ab8b6908dc8389  2010.1/x86_64/freetype2-demos-2.3.12-1.9mdv2010.2.x86_64.rpm
 ce9ff4d173364d3f3dd02eadcaa00558  2010.1/x86_64/lib64freetype6-2.3.12-1.9mdv2010.2.x86_64.rpm
 cb39f796366819450d8221263bbe52a7  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.9mdv2010.2.x86_64.rpm
 0d22f0778fa4fd37c3cf23aca2e540ae  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.9mdv2010.2.x86_64.rpm
 0d6c1904469c22a77428c4323bc9ce59  2010.1/SRPMS/freetype2-2.3.12-1.9mdv2010.2.src.rpm

 Mandriva Linux 2011:
 b132cce68da5b73b5c0eb3ab6334344f  2011/i586/freetype2-demos-2.4.5-2.3-mdv2011.0.i586.rpm
 49543c61a1547907c31c456023e5e3d6  2011/i586/libfreetype6-2.4.5-2.3-mdv2011.0.i586.rpm
 7e2fea21d3346ef0102b01e457338c8c  2011/i586/libfreetype6-devel-2.4.5-2.3-mdv2011.0.i586.rpm
 0624a5a99801fdfc15e4e681a6694e1f  2011/i586/libfreetype6-static-devel-2.4.5-2.3-mdv2011.0.i586.rpm
 9fa0927b963e00c52a5cc8e52b60488f  2011/SRPMS/freetype2-2.4.5-2.3.src.rpm

 Mandriva Linux 2011/X86_64:
 1af1f5c163d649294da57bf35747f392  2011/x86_64/freetype2-demos-2.4.5-2.3-mdv2011.0.x86_64.rpm
 445ecaeea2d4ff7eb21c13c2d0b6559f  2011/x86_64/lib64freetype6-2.4.5-2.3-mdv2011.0.x86_64.rpm
 53f8909052fd9b9d0abf7223d4eccb75  2011/x86_64/lib64freetype6-devel-2.4.5-2.3-mdv2011.0.x86_64.rpm
 8d964347212fe30961ec6b542388475e  2011/x86_64/lib64freetype6-static-devel-2.4.5-2.3-mdv2011.0.x86_64.rpm
 9fa0927b963e00c52a5cc8e52b60488f  2011/SRPMS/freetype2-2.4.5-2.3.src.rpm

 Mandriva Enterprise Server 5:
 a8a99f3672f9c34568bcec2ec67c961e  mes5/i586/freetype2-demos-2.3.7-1.10mdvmes5.2.i586.rpm
 1350b0bf938ba4ac67a148371578dc67  mes5/i586/libfreetype6-2.3.7-1.10mdvmes5.2.i586.rpm
 4e86fcdc1e2b69f12ce4ba3ffc64fe40  mes5/i586/libfreetype6-devel-2.3.7-1.10mdvmes5.2.i586.rpm
 3441e06db6fccb035e4f73626c74e694  mes5/i586/libfreetype6-static-devel-2.3.7-1.10mdvmes5.2.i586.rpm
 40e296bda353cb4351feb3dec6e8b508  mes5/SRPMS/freetype2-2.3.7-1.10mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 1908a8af14e177717a3c8fc962834019  mes5/x86_64/freetype2-demos-2.3.7-1.10mdvmes5.2.x86_64.rpm
 79a9c7f036c2d69027b5aaabc39554a4  mes5/x86_64/lib64freetype6-2.3.7-1.10mdvmes5.2.x86_64.rpm
 462b93d5939a507033b2faa414a26141  mes5/x86_64/lib64freetype6-devel-2.3.7-1.10mdvmes5.2.x86_64.rpm
 11896142878498128688d0667bbccd9a  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.10mdvmes5.2.x86_64.rpm
 40e296bda353cb4351feb3dec6e8b508  mes5/SRPMS/freetype2-2.3.7-1.10mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPhrLQmqjQ0CJFipgRAlTjAKCLMBynemZAky8w1QxtTeUExoCobQCePExV
tTU2vHcYIJ41fGp4cPaqOrs=
=RegY
-----END PGP SIGNATURE-----