lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OaaBU-0003YM-LY@titan.mandriva.com>
Date: Sun, 18 Jul 2010 22:10:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:137 ] freetype2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:137
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : July 18, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in freetype2:
 
 Multiple integer underflows/overflows and heap buffer overflows was
 discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,
 CVE-2010-2500, CVE-2010-2519).
 
 A heap buffer overflow was discovered in the bytecode support. The
 bytecode support is NOT enabled per default in Mandriva due to previous
 patent claims, but packages by PLF is affected (CVE-2010-2520).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520
 http://savannah.nongnu.org/bugs/index.php?30082
 http://savannah.nongnu.org/bugs/index.php?30083
 http://savannah.nongnu.org/bugs/index.php?30106
 http://savannah.nongnu.org/bugs/index.php?30248
 http://savannah.nongnu.org/bugs/index.php?30249
 http://savannah.nongnu.org/bugs/index.php?30263
 http://savannah.nongnu.org/bugs/index.php?30306
 http://savannah.nongnu.org/bugs/index.php?30361
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 a350e339a4fe6a22f36657cabbe6141a  2008.0/i586/libfreetype6-2.3.5-2.3mdv2008.0.i586.rpm
 bc9f891fe8d8a8c714d2534e06ad43d4  2008.0/i586/libfreetype6-devel-2.3.5-2.3mdv2008.0.i586.rpm
 a50784f5664168dc977a3ddcd493086a  2008.0/i586/libfreetype6-static-devel-2.3.5-2.3mdv2008.0.i586.rpm 
 1d1dbb9f37f74602796924f7ca63dce8  2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 5ab49d2b55215d52399a254cf50a1956  2008.0/x86_64/lib64freetype6-2.3.5-2.3mdv2008.0.x86_64.rpm
 f820a98378b967322135bb10b75327c5  2008.0/x86_64/lib64freetype6-devel-2.3.5-2.3mdv2008.0.x86_64.rpm
 61ff08937d8ae39f41a1851b2b042ff3  2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.3mdv2008.0.x86_64.rpm 
 1d1dbb9f37f74602796924f7ca63dce8  2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 f017f08c4b65d81140aa847e61c234a4  2009.0/i586/libfreetype6-2.3.7-1.2mdv2009.0.i586.rpm
 e2a712f6d532fa7cede07ff456b1f659  2009.0/i586/libfreetype6-devel-2.3.7-1.2mdv2009.0.i586.rpm
 b7b0c9acd3e79d7df842a0b8708386d2  2009.0/i586/libfreetype6-static-devel-2.3.7-1.2mdv2009.0.i586.rpm 
 2a9fe20c41938453790e8554dd7a38b2  2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 06e1c0b0330ea7485f0a1058e3ea410c  2009.0/x86_64/lib64freetype6-2.3.7-1.2mdv2009.0.x86_64.rpm
 2e8d45b79ca52ec58b701b058d5042e5  2009.0/x86_64/lib64freetype6-devel-2.3.7-1.2mdv2009.0.x86_64.rpm
 73758504e74f747a577ba14f91d1fff6  2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdv2009.0.x86_64.rpm 
 2a9fe20c41938453790e8554dd7a38b2  2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 df9d47720ebf2d9dcc3574a3b28f1f41  2009.1/i586/libfreetype6-2.3.9-1.3mdv2009.1.i586.rpm
 32517c3e3680189ababc2bfb316dcbca  2009.1/i586/libfreetype6-devel-2.3.9-1.3mdv2009.1.i586.rpm
 35577f7a2056c88f572f6bd646332b9a  2009.1/i586/libfreetype6-static-devel-2.3.9-1.3mdv2009.1.i586.rpm 
 2bd93e051bc87216b866f2e342868cda  2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 93d370c19ed7db70983a379745fd26c0  2009.1/x86_64/lib64freetype6-2.3.9-1.3mdv2009.1.x86_64.rpm
 7f10623f49b55097ac9eafab3b47b0f4  2009.1/x86_64/lib64freetype6-devel-2.3.9-1.3mdv2009.1.x86_64.rpm
 739ba87a09510c56db2efddcf7b025a6  2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.3mdv2009.1.x86_64.rpm 
 2bd93e051bc87216b866f2e342868cda  2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 6d902cc9de35aa3be96aedc53e42fbc8  2010.0/i586/libfreetype6-2.3.11-1.1mdv2010.0.i586.rpm
 15499b1ad5daf5e8eef7bd02081b2b9a  2010.0/i586/libfreetype6-devel-2.3.11-1.1mdv2010.0.i586.rpm
 ed079e1c8bba12831544e89f41f61902  2010.0/i586/libfreetype6-static-devel-2.3.11-1.1mdv2010.0.i586.rpm 
 26c3d66563a661b2d5dd4320006608e8  2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 a74b2d177174752d43977810e821c6c7  2010.0/x86_64/lib64freetype6-2.3.11-1.1mdv2010.0.x86_64.rpm
 9c50ecf9f507944ee152f5984a79db8c  2010.0/x86_64/lib64freetype6-devel-2.3.11-1.1mdv2010.0.x86_64.rpm
 3522e4b48ea9970bdd6aabfb22aa0edd  2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.1mdv2010.0.x86_64.rpm 
 26c3d66563a661b2d5dd4320006608e8  2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 0f19f70a4e6d8c02beab6648c23b8285  2010.1/i586/libfreetype6-2.3.12-1.1mdv2010.1.i586.rpm
 5a934ad9a2f448f9329ec6af80333111  2010.1/i586/libfreetype6-devel-2.3.12-1.1mdv2010.1.i586.rpm
 241e874e820a0970f98b707b8291c340  2010.1/i586/libfreetype6-static-devel-2.3.12-1.1mdv2010.1.i586.rpm 
 592e74e5a310612d4e1b8660e94a712b  2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 0771262b102961d7edc94575528d5948  2010.1/x86_64/lib64freetype6-2.3.12-1.1mdv2010.1.x86_64.rpm
 01f630dde7c5896f9152e2a1d1ad141d  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.1mdv2010.1.x86_64.rpm
 9c8e3745e78491cdfb2a039181de7e86  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.1mdv2010.1.x86_64.rpm 
 592e74e5a310612d4e1b8660e94a712b  2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm

 Corporate 4.0:
 b47474a48a5374b118a03dedb32675df  corporate/4.0/i586/libfreetype6-2.1.10-9.10.20060mlcs4.i586.rpm
 ddd413cc050cc9bb5b36339b749f784a  corporate/4.0/i586/libfreetype6-devel-2.1.10-9.10.20060mlcs4.i586.rpm
 96eccead61eb74c0ca706349f27fd318  corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.10.20060mlcs4.i586.rpm 
 3d08f8107cc7abab6570adb06b985ea2  corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6b01ebbb7476d3cc2d2a469d4250df63  corporate/4.0/x86_64/lib64freetype6-2.1.10-9.10.20060mlcs4.x86_64.rpm
 9ace9cf4dee54ad6a78b126f3ff1cdd6  corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.10.20060mlcs4.x86_64.rpm
 7a17d135bb1d36852c271fa353e50da0  corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.10.20060mlcs4.x86_64.rpm 
 3d08f8107cc7abab6570adb06b985ea2  corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 ab6b886c00b3956805885f42bb480d19  mes5/i586/libfreetype6-2.3.7-1.2mdvmes5.1.i586.rpm
 184fc3238d6f761a727a51582d0ff2ff  mes5/i586/libfreetype6-devel-2.3.7-1.2mdvmes5.1.i586.rpm
 b414bb7c2e78d7606a096bcda6ea2730  mes5/i586/libfreetype6-static-devel-2.3.7-1.2mdvmes5.1.i586.rpm 
 d9fefde1ace3f7127c95fffb678b56bc  mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 011bff1c7507d1c5b9039f9c48865f5e  mes5/x86_64/lib64freetype6-2.3.7-1.2mdvmes5.1.x86_64.rpm
 9a0b94b603f3765dc61590af87016b46  mes5/x86_64/lib64freetype6-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm
 ef94a826eb1218e9f6d027f50c1abad5  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm 
 d9fefde1ace3f7127c95fffb678b56bc  mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMQy2YmqjQ0CJFipgRAltfAJ4x+MQOm7pdWHXtx2uj6129UFUHWwCfcRSu
ff6oX1VrH4m/hTnNaqDy5Nw=
=XCr9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ