-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2070-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff July 14, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : freetype Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs. For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny2. For the unstable distribution (sid), these problems have been fixed in version 2.4.0-1. We recommend that you upgrade your freetype packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1 arm architecture (ARM) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkw+GCUACgkQXm3vHE4uylrkywCgy9GpS2XDmy5Y+pj3JOVAwpFs mWwAn1lQsDqPntOyBssbJ901IHmL8FW/ =Y+AX -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/