-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:201 http://www.mandriva.com/security/ _______________________________________________________________________ Package : freetype2 Date : October 13, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in freetype2: Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797 (CVE-2010-3311). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 248523a7d7a2c3d6a85cb88513f3a830 2009.0/i586/libfreetype6-2.3.7-1.5mdv2009.0.i586.rpm d732b628d679e6c1f1825fc8651dbba4 2009.0/i586/libfreetype6-devel-2.3.7-1.5mdv2009.0.i586.rpm eba4f60c32555f0cccee21bd1604ecdd 2009.0/i586/libfreetype6-static-devel-2.3.7-1.5mdv2009.0.i586.rpm 9a95af00a0336bbd89965d410ecf7dbf 2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 30127aa3b8f70207269911dc74d5d1f6 2009.0/x86_64/lib64freetype6-2.3.7-1.5mdv2009.0.x86_64.rpm 3b6020558fbaf3651ff7c3ca13f1b7dc 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.5mdv2009.0.x86_64.rpm 0f572c7db1071b843ef103226f058bf8 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdv2009.0.x86_64.rpm 9a95af00a0336bbd89965d410ecf7dbf 2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm Mandriva Linux 2009.1: 06b12f4db64361f3d7b749ea97b23573 2009.1/i586/libfreetype6-2.3.9-1.6mdv2009.1.i586.rpm bfe315852b8d3e9595796f9c9933694f 2009.1/i586/libfreetype6-devel-2.3.9-1.6mdv2009.1.i586.rpm 2b493d1661300189e5551acf31822088 2009.1/i586/libfreetype6-static-devel-2.3.9-1.6mdv2009.1.i586.rpm 2a72ac2132ed6513dd1b2f93e06364fe 2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 9b0158596861029412f697767cfce475 2009.1/x86_64/lib64freetype6-2.3.9-1.6mdv2009.1.x86_64.rpm 9389f0616c2633adec3ee5dc0788d0d3 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.6mdv2009.1.x86_64.rpm da638cb0fc6f198e195fefc94ae4d052 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.6mdv2009.1.x86_64.rpm 2a72ac2132ed6513dd1b2f93e06364fe 2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm Mandriva Linux 2010.0: 81e94386ee8cd6641a46dce9df0efcae 2010.0/i586/libfreetype6-2.3.11-1.4mdv2010.0.i586.rpm e585d63da11b17c74f456ea97368ae97 2010.0/i586/libfreetype6-devel-2.3.11-1.4mdv2010.0.i586.rpm 6f08eacbc92f4b8ea2e2880c97890f9e 2010.0/i586/libfreetype6-static-devel-2.3.11-1.4mdv2010.0.i586.rpm a1cb1cc205c73df55e5576c3d53dfe5b 2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 8bb4d116a20020735920acdef6edb36c 2010.0/x86_64/lib64freetype6-2.3.11-1.4mdv2010.0.x86_64.rpm 3e71bd23288d28261e6494389a945c8d 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.4mdv2010.0.x86_64.rpm 7c720ab93b651535c31fa51ff7a4062d 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.4mdv2010.0.x86_64.rpm a1cb1cc205c73df55e5576c3d53dfe5b 2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm Mandriva Linux 2010.1: be9c8f1b5cd2f417f0ae646bc8cbc0f2 2010.1/i586/libfreetype6-2.3.12-1.4mdv2010.1.i586.rpm 87165bb194725472642623489e13c3d2 2010.1/i586/libfreetype6-devel-2.3.12-1.4mdv2010.1.i586.rpm f6b9da29780ed1c3d4192a2de2df965a 2010.1/i586/libfreetype6-static-devel-2.3.12-1.4mdv2010.1.i586.rpm 8f9e6f8272bdd85b655f77c3bc0f1186 2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 426a77c1681ccb983b4421025a705622 2010.1/x86_64/lib64freetype6-2.3.12-1.4mdv2010.1.x86_64.rpm 8847d5d1a4aa7a007e97e60dc638fcb1 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.4mdv2010.1.x86_64.rpm 1d61007c529ec3775d30fd417829590a 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.4mdv2010.1.x86_64.rpm 8f9e6f8272bdd85b655f77c3bc0f1186 2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm Corporate 4.0: c86147b513f4c157f6790a2e4ada0fd2 corporate/4.0/i586/libfreetype6-2.1.10-9.13.20060mlcs4.i586.rpm a9fa44acaef91683cad125612df13c92 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.13.20060mlcs4.i586.rpm a4aae0884a8a56d305a15b3d46f42cee corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.13.20060mlcs4.i586.rpm 0a1de080fd2d95e2bfd3a89f3e941742 corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm Corporate 4.0/X86_64: f38670ff2950f26aca44a5aae5668487 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.13.20060mlcs4.x86_64.rpm 23de0669bb0c18c43ca3f4c4143a2a45 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm 487f9047aa914a9ff87fe4642e1dea9f corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm 0a1de080fd2d95e2bfd3a89f3e941742 corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm Mandriva Enterprise Server 5: f990681b978c21632695ce8026e00e7f mes5/i586/libfreetype6-2.3.7-1.5mdvmes5.1.i586.rpm 4b46a043a230f88dbd8df174ce52bf61 mes5/i586/libfreetype6-devel-2.3.7-1.5mdvmes5.1.i586.rpm 4520f9874288317c70d769b22f36cb72 mes5/i586/libfreetype6-static-devel-2.3.7-1.5mdvmes5.1.i586.rpm e9b104e41904bf0e23fd551ad7537696 mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: d6c2911551cc1cc010b0b64e8e0b842b mes5/x86_64/lib64freetype6-2.3.7-1.5mdvmes5.1.x86_64.rpm d772a09bece742077abae2a96a2f7ebd mes5/x86_64/lib64freetype6-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm d0ecc6df23b6aa94fdaf945756d47ccd mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm e9b104e41904bf0e23fd551ad7537696 mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMtcWRmqjQ0CJFipgRAgQgAJ4+cTAwi6mX+HqQDY6h4R8SF5RWUwCgmD44 +a5z4ffWY3Qm4BrHauRwMnA= =TX/N -----END PGP SIGNATURE-----