-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:149 http://www.mandriva.com/security/ _______________________________________________________________________ Package : freetype2 Date : August 12, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in freetype2: Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, when opened, would cause an application linked against libfreetype to crash, or, possibly execute arbitrary code (CVE-2010-1797). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797 https://bugzilla.redhat.com/show_bug.cgi?id=621144 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: e5b2f1ac6039b90de44e4c54a7dc15ad 2008.0/i586/libfreetype6-2.3.5-2.4mdv2008.0.i586.rpm ec559f7f70f91973c7c3337d170c2bf1 2008.0/i586/libfreetype6-devel-2.3.5-2.4mdv2008.0.i586.rpm 0f87bab9e3ba83faf24b13b13e8a16a5 2008.0/i586/libfreetype6-static-devel-2.3.5-2.4mdv2008.0.i586.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5d3a64ac00fb880838ea068bceb28055 2008.0/x86_64/lib64freetype6-2.3.5-2.4mdv2008.0.x86_64.rpm d052dabc9b4f9fa41863eb8ca1fe334b 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 281d278bf445567d29c510d0d27f7489 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2009.0: ed81cc7ed3660ce94c3c6d00d556ac18 2009.0/i586/libfreetype6-2.3.7-1.3mdv2009.0.i586.rpm 325432a13a72aaf457847f4a205b9823 2009.0/i586/libfreetype6-devel-2.3.7-1.3mdv2009.0.i586.rpm bcd0dbb954f1a4e09d10e03556ea2497 2009.0/i586/libfreetype6-static-devel-2.3.7-1.3mdv2009.0.i586.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 4af7ec1921662eaa37e6a5b27998cdec 2009.0/x86_64/lib64freetype6-2.3.7-1.3mdv2009.0.x86_64.rpm c53e5285ea05fc68168a800df25a9556 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 3a5b5a4aa2eec538b0479f066fa6e7e7 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.1: ce6a11ba3156f8e1ac8339bf3c94f709 2009.1/i586/libfreetype6-2.3.9-1.4mdv2009.1.i586.rpm dc2573dc94973052652f2481651e927a 2009.1/i586/libfreetype6-devel-2.3.9-1.4mdv2009.1.i586.rpm aee56bcfbed1899495f00e87ddaed7ce 2009.1/i586/libfreetype6-static-devel-2.3.9-1.4mdv2009.1.i586.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 9e51fa000bb7e106189845ca6694ae15 2009.1/x86_64/lib64freetype6-2.3.9-1.4mdv2009.1.x86_64.rpm 2ec9a71562a8d40a8accaf967b3c2a75 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.4mdv2009.1.x86_64.rpm 8e87a5ba6fd376aeceef71fe5b809f86 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.4mdv2009.1.x86_64.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2010.0: faf191e76adc0e2f8f4bebfd97f36a49 2010.0/i586/libfreetype6-2.3.11-1.2mdv2010.0.i586.rpm 7202581d10580a63ba28eb4b0dce708c 2010.0/i586/libfreetype6-devel-2.3.11-1.2mdv2010.0.i586.rpm ecaad382e83f7005a1d76a585dfe879c 2010.0/i586/libfreetype6-static-devel-2.3.11-1.2mdv2010.0.i586.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 9ffe17211ba4e4a6aa67e73e4c22e020 2010.0/x86_64/lib64freetype6-2.3.11-1.2mdv2010.0.x86_64.rpm eebaba0b5509b21da03a432699198342 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 90e215bda5483ee6b5d5ca74bfedf7c0 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 437be09971963217a5daef5dc04d451b 2010.1/i586/libfreetype6-2.3.12-1.2mdv2010.1.i586.rpm 42f5ddeeb25353a9fa20677112e9ae7c 2010.1/i586/libfreetype6-devel-2.3.12-1.2mdv2010.1.i586.rpm c77ce226104a1febd22c920c73a807f7 2010.1/i586/libfreetype6-static-devel-2.3.12-1.2mdv2010.1.i586.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: a4a5170f277a9654f19b208deab8027c 2010.1/x86_64/lib64freetype6-2.3.12-1.2mdv2010.1.x86_64.rpm 4637ff02b2739b2d29c94333f00ce59e 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 20a9488e5100b9a4f925fb777e00248d 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Corporate 4.0: 516a71993da7404ae96b14699cb1aa5f corporate/4.0/i586/libfreetype6-2.1.10-9.11.20060mlcs4.i586.rpm 839108110543d3243a725c3c2153ea46 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.11.20060mlcs4.i586.rpm 8c912e309a35917d533fcf3be251f662 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.11.20060mlcs4.i586.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Corporate 4.0/X86_64: cf591c59af6e46e62609ff34892f52d3 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.11.20060mlcs4.x86_64.rpm 55e0f089dee699185f317e863b12c590 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm 7eec0361fb43382f4aa9558e2698af89 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Mandriva Enterprise Server 5: cfed1363663ad29113cb1655c3e56429 mes5/i586/libfreetype6-2.3.7-1.3mdvmes5.1.i586.rpm bfc520ee4832553381a304209442dcc1 mes5/i586/libfreetype6-devel-2.3.7-1.3mdvmes5.1.i586.rpm 92f6f546f2dad9a2bf7031261079294a mes5/i586/libfreetype6-static-devel-2.3.7-1.3mdvmes5.1.i586.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 35c99bfa9c7a0799a4f304d3a2de2f11 mes5/x86_64/lib64freetype6-2.3.7-1.3mdvmes5.1.x86_64.rpm 9dcb3dfb3769618d8b2c93f3f4ba53db mes5/x86_64/lib64freetype6-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm 165edd82ca0492d88d393e8a65ad5869 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMZBO6mqjQ0CJFipgRAvckAKCpFuRGLxgICBqETRTbXhdZpg8RywCgjKjm 46cbqAt0xVJvR5AdhA3z/FY= =T9it -----END PGP SIGNATURE-----