lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100714200445.GA2701@galadriel.inutil.org>
Date: Wed, 14 Jul 2010 22:04:45 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2070-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
July 14, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : freetype
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527

Robert Swiecki discovered several vulnerabilities in the FreeType font 
library, which could lead to the execution of arbitrary code if a
malformed font file is processed.

Also, several buffer overflows were found in the included demo programs.


For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny2.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.0-1.

We recommend that you upgrade your freetype packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc
    Size/MD5 checksum:     1219 a5930e5dfa3757bed045a67b7ef0e3e2
  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
    Size/MD5 checksum:  1567540 c1a9f44fde316470176fd6d66af3a0e8
  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz
    Size/MD5 checksum:    36156 f1cb13247588b40f8f6c9d232df7efde

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb
    Size/MD5 checksum:   775180 d9d1a2680550113aab5a5aa23998458e
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb
    Size/MD5 checksum:   411954 63d800f83bd77f18b9307cd77b5cfd1d
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb
    Size/MD5 checksum:   253784 b95be0af80d58e4e0818dd9b66447d9e
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb
    Size/MD5 checksum:   296564 6e080492ee03692588c5953b36bade6d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb
    Size/MD5 checksum:   269680 4c9e6efc6c36f0867c74dde033b97ac8
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb
    Size/MD5 checksum:   223010 5b9c55fc8ef35251ccdc3c1d22b13edd
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb
    Size/MD5 checksum:   713084 b5933f78399f7d690f786fb7f04d1eca
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb
    Size/MD5 checksum:   385600 741877f101eef1dd6f77aead47ddbba1

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb
    Size/MD5 checksum:   205134 624b8b38b6cea2d569c70a18a5f78934
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb
    Size/MD5 checksum:   242180 d7c5020f9cb5417378b80571bc2eccd4
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb
    Size/MD5 checksum:   686080 a12f9cb0b5f76071ed204cfdcc571cd5
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb
    Size/MD5 checksum:   356996 ff79207089cce445fa6d0514156f12cf

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb
    Size/MD5 checksum:   684278 7654ae1ba45138f11c53da2acce6055c
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb
    Size/MD5 checksum:   210040 2d05fa53273572a89c81c9085a291fee
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb
    Size/MD5 checksum:   236524 727d731977efad369b51fdc28d42bade
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb
    Size/MD5 checksum:   353412 0bd84857e81e20c777cfaa5cf75532f2

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb
    Size/MD5 checksum:   390130 633e25d7f8c8c618d9bae093ccb82ce3
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb
    Size/MD5 checksum:   226818 cddac3930a33e08d60652f33c9a74951
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb
    Size/MD5 checksum:   724826 9b77d359086e5379ded04c10e2acd20e
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb
    Size/MD5 checksum:   273756 4e144120db5dcbf29368b95a783e55ca

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb
    Size/MD5 checksum:   198154 db88552ea82caf3939e7b0cf50aaacd6
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb
    Size/MD5 checksum:   369100 303fa098f2a6ae9b96dda6911f0bd7fb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb
    Size/MD5 checksum:   681856 df21b1a3835e262d844f60f9da27b279
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb
    Size/MD5 checksum:   254120 bfb155340e5d588d06f09901b508661b

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb
    Size/MD5 checksum:   530172 3eb3af7df07000f3f77046c21476d336
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb
    Size/MD5 checksum:   415500 a7790020bc8e89e29d22ba21de275386
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb
    Size/MD5 checksum:   331586 c0c579a4f47c6239c33cf1b139850d1c
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb
    Size/MD5 checksum:   876158 52006540c63793635d2dcac9f8179dbf

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb
    Size/MD5 checksum:   716244 e62cde7460caa83b189326abbe6a5347
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb
    Size/MD5 checksum:   370118 606f0b24f3694f40eb5331e8d74c4f3b
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb
    Size/MD5 checksum:   215180 33b08b6b36a20501276e657c3613701e
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb
    Size/MD5 checksum:   253874 fe4977d926f17b3cbc338ea9926fec40

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb
    Size/MD5 checksum:   254212 58be71c203785b01889176e8b028afac
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb
    Size/MD5 checksum:   215322 f376b04c5b8450a03b7299a86cc4a586
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb
    Size/MD5 checksum:   369756 412a79e35817f664f76dcaab0df63a59
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb
    Size/MD5 checksum:   716552 3bc89b0f776eaaf3fcd5ec8f6373b599

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb
    Size/MD5 checksum:   379634 a6f5c6e8ff755639559e55973ec1074d
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb
    Size/MD5 checksum:   708420 6596bcb33887463503ad0507b216e4ed
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb
    Size/MD5 checksum:   233050 40ee5ec08547be283b808d3afd5f97ba
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb
    Size/MD5 checksum:   262690 ed1fff07f9e2f763ca481b2f8599e4af

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb
    Size/MD5 checksum:   383824 3fbd3dc038b0ac35b961a964cb1147e6
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb
    Size/MD5 checksum:   225144 04291aff7589607427d175721aafe8c3
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb
    Size/MD5 checksum:   268070 d565627ddbf45d36920a27b8f42c1f55
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb
    Size/MD5 checksum:   698596 f161a20932cbdbb2ccf4d3a30a555231

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb
    Size/MD5 checksum:   351162 9f308ff70921739fffbbfe9fca486a87
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb
    Size/MD5 checksum:   679330 4bee549927cdfc3b52fc62a5f16b3d49
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb
    Size/MD5 checksum:   235344 ed806b039d7d8868ae9f7c89fe794629
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb
    Size/MD5 checksum:   200794 49a26fa64c57498279481a4786919055


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkw+GCUACgkQXm3vHE4uylrkywCgy9GpS2XDmy5Y+pj3JOVAwpFs
mWwAn1lQsDqPntOyBssbJ901IHmL8FW/
=Y+AX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ