Message-ID: <20060608143303.GH5127@piware.de>
Date: Thu, 8 Jun 2006 16:33:03 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-291-1] FreeType vulnerabilities
===========================================================
Ubuntu Security Notice USN-291-1 June 08, 2006
freetype vulnerabilities
CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libfreetype6 2.1.7-2.3ubuntu0.1

Ubuntu 5.10:
  libfreetype6 2.1.7-2.4ubuntu1.1

Ubuntu 6.06 LTS:
  libfreetype6 2.1.10-1ubuntu2.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Several integer overflows have been discovered in the FreeType
library. By tricking a user into installing and/or opening a specially
crafted font file, these could be exploited to execute arbitrary code
with the privileges of that user.

Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.3ubuntu0.1.diff.gz
Size/MD5: 55085 0be8f928fd34db525db66f8cd07f79e2
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.3ubuntu0.1.dsc
Size/MD5: 695 55710d777fdc8cee093e4eb17d03b8e4
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7.orig.tar.gz
Size/MD5: 1245623 991ff86e88b075ba363e876f4ea58680
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.3ubuntu0.1_amd64.deb
Size/MD5: 76248 654defa84e451a720843e160d9e0ad4b
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.3ubuntu0.1_amd64.deb
Size/MD5: 723698 ac752c537fcd86b0e15366f75237c8c4
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.3ubuntu0.1_amd64.udeb
Size/MD5: 238246 7bcc9b311d84ac923693484563415fc0
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.3ubuntu0.1_amd64.deb
Size/MD5: 389494 0c1c61803010adc6ac4303e0ed34cab4
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.3ubuntu0.1_i386.deb
Size/MD5: 57070 96143b6b668cdf1301a1f0d8cb935f38
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.3ubuntu0.1_i386.deb
Size/MD5: 688162 c16278b396bc6a3932e6488f6a4302d6
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.3ubuntu0.1_i386.udeb
Size/MD5: 208092 ce4669a078ce4c5cd25e53e372fbc0f2
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.3ubuntu0.1_i386.deb
Size/MD5: 358818 1e05d62b7c8fd3ed25ce9590289038b7
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.3ubuntu0.1_powerpc.deb
Size/MD5: 81974 261cb107a20048a653b7363e5e763095
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.3ubuntu0.1_powerpc.deb
Size/MD5: 730026 45f7603197520093383be1bc4ef71768
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.3ubuntu0.1_powerpc.udeb
Size/MD5: 227736 82ba5fdb752f1e14a168356eb58040d4
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.3ubuntu0.1_powerpc.deb
Size/MD5: 378628 560ddb84ab50151db4950def5ca94f20
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.4ubuntu1.1.diff.gz
Size/MD5: 56497 c0d09dab367b91d60391bfbe1614a751
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.4ubuntu1.1.dsc
Size/MD5: 695 baa464576ecff8f71180b69c43f3d3d7
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7.orig.tar.gz
Size/MD5: 1245623 991ff86e88b075ba363e876f4ea58680
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.1_amd64.deb
Size/MD5: 75536 763397ace4438b17c1d553e742164392
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.1_amd64.deb
Size/MD5: 722918 ab4ac77fc4c341c5b9e3e5d8b7cd03ad
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.1_amd64.udeb
Size/MD5: 241670 71a3a0944b74daf49d428096258481d4
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.1_amd64.deb
Size/MD5: 392814 ac0b9929a7839fe770b81d8934811f91
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.1_i386.deb
Size/MD5: 52860 a37576a3dbe5adfed3a05c4fbddb19b2
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.1_i386.deb
Size/MD5: 686328 4f072876bcec9df39915a566ac49e2a2
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.1_i386.udeb
Size/MD5: 209218 a9d8c9cab213fbe51a8eef52a4267ea8
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.1_i386.deb
Size/MD5: 361040 66daf7be5122e8369b7085911474324c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.1_powerpc.deb
Size/MD5: 80650 225e45de7b0bef7738099c6ab540d837
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.1_powerpc.deb
Size/MD5: 729230 389b6d1fff87a233ac1069f2f6e8eeda
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.1_powerpc.udeb
Size/MD5: 230578 78766403e83e824b01f3766536aef1b6
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.1_powerpc.deb
Size/MD5: 382364 042a895f84a516016cf9bf7356c2b447
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.1.diff.gz
Size/MD5: 58558 79b6094aa1485cb4b51492a694ad2467
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.1.dsc
Size/MD5: 712 6618f5ae25407290002cd630a1cb192c
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.1_amd64.deb
Size/MD5: 133860 b0e59ff50e7416e9a2c4fc8ba1788c9e
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.1_amd64.deb
Size/MD5: 717390 0fcd39ae070d8a8430a8cd543ce8b704
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.1_amd64.udeb
Size/MD5: 251578 1fb9bc4ea48ec0ae313ccd5c8168dcbc
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.1_amd64.deb
Size/MD5: 439670 fad383210a9aa49c63860ad8a1e289e7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.1_i386.deb
Size/MD5: 117362 a685d9019bb23650e2f283dd059ed095
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.1_i386.deb
Size/MD5: 677390 7e56e5fd91125b15d28f59f15bb38689
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.1_i386.udeb
Size/MD5: 227202 6655ab5bcef72341109e6a9ac070a945
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.1_i386.deb
Size/MD5: 415304 a3cd03083f522a103c4580cbfc335297
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.1_powerpc.deb
Size/MD5: 134240 47d1ce7690132ebaf7e0f434a0f0b25a
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.1_powerpc.deb
Size/MD5: 708398 f76b4949a148fe47b55fe17de22ccc64
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.1_powerpc.udeb
Size/MD5: 241400 7837a5d97bba618e35fcfc085e91e9ae
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.1_powerpc.deb
Size/MD5: 429784 93f21b206f517f81b6498fe791e5ef3a