Message-Id: <E1Ojd5J-0001jz-Gs@titan.mandriva.com>
Date: Thu, 12 Aug 2010 21:05:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:149 ] freetype2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:149
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : August 12, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in freetype2:
 
 Multiple stack overflow flaws have been reported in the way the
 FreeType font rendering engine processed certain CFF opcodes. An
 attacker could use these flaws to create a specially crafted font file
 that, when opened, would cause an application linked against
 libfreetype to crash or, possibly, execute arbitrary code (CVE-2010-1797).
 
 Packages for 2008.0 and 2009.0 are provided as part of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797
 https://bugzilla.redhat.com/show_bug.cgi?id=621144
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 e5b2f1ac6039b90de44e4c54a7dc15ad  2008.0/i586/libfreetype6-2.3.5-2.4mdv2008.0.i586.rpm
 ec559f7f70f91973c7c3337d170c2bf1  2008.0/i586/libfreetype6-devel-2.3.5-2.4mdv2008.0.i586.rpm
 0f87bab9e3ba83faf24b13b13e8a16a5  2008.0/i586/libfreetype6-static-devel-2.3.5-2.4mdv2008.0.i586.rpm 
 0d6118b220d595e52174eb7cc2675980  2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 5d3a64ac00fb880838ea068bceb28055  2008.0/x86_64/lib64freetype6-2.3.5-2.4mdv2008.0.x86_64.rpm
 d052dabc9b4f9fa41863eb8ca1fe334b  2008.0/x86_64/lib64freetype6-devel-2.3.5-2.4mdv2008.0.x86_64.rpm
 281d278bf445567d29c510d0d27f7489  2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 
 0d6118b220d595e52174eb7cc2675980  2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 ed81cc7ed3660ce94c3c6d00d556ac18  2009.0/i586/libfreetype6-2.3.7-1.3mdv2009.0.i586.rpm
 325432a13a72aaf457847f4a205b9823  2009.0/i586/libfreetype6-devel-2.3.7-1.3mdv2009.0.i586.rpm
 bcd0dbb954f1a4e09d10e03556ea2497  2009.0/i586/libfreetype6-static-devel-2.3.7-1.3mdv2009.0.i586.rpm 
 373a3d35198adefaabfdb3d75c4359b1  2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 4af7ec1921662eaa37e6a5b27998cdec  2009.0/x86_64/lib64freetype6-2.3.7-1.3mdv2009.0.x86_64.rpm
 c53e5285ea05fc68168a800df25a9556  2009.0/x86_64/lib64freetype6-devel-2.3.7-1.3mdv2009.0.x86_64.rpm
 3a5b5a4aa2eec538b0479f066fa6e7e7  2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 
 373a3d35198adefaabfdb3d75c4359b1  2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 ce6a11ba3156f8e1ac8339bf3c94f709  2009.1/i586/libfreetype6-2.3.9-1.4mdv2009.1.i586.rpm
 dc2573dc94973052652f2481651e927a  2009.1/i586/libfreetype6-devel-2.3.9-1.4mdv2009.1.i586.rpm
 aee56bcfbed1899495f00e87ddaed7ce  2009.1/i586/libfreetype6-static-devel-2.3.9-1.4mdv2009.1.i586.rpm 
 aaa5a09d40624240e901b31d4f0e98c0  2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9e51fa000bb7e106189845ca6694ae15  2009.1/x86_64/lib64freetype6-2.3.9-1.4mdv2009.1.x86_64.rpm
 2ec9a71562a8d40a8accaf967b3c2a75  2009.1/x86_64/lib64freetype6-devel-2.3.9-1.4mdv2009.1.x86_64.rpm
 8e87a5ba6fd376aeceef71fe5b809f86  2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.4mdv2009.1.x86_64.rpm 
 aaa5a09d40624240e901b31d4f0e98c0  2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 faf191e76adc0e2f8f4bebfd97f36a49  2010.0/i586/libfreetype6-2.3.11-1.2mdv2010.0.i586.rpm
 7202581d10580a63ba28eb4b0dce708c  2010.0/i586/libfreetype6-devel-2.3.11-1.2mdv2010.0.i586.rpm
 ecaad382e83f7005a1d76a585dfe879c  2010.0/i586/libfreetype6-static-devel-2.3.11-1.2mdv2010.0.i586.rpm 
 3c34f8f0e0352ef0a11c57d4eadc1ccd  2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 9ffe17211ba4e4a6aa67e73e4c22e020  2010.0/x86_64/lib64freetype6-2.3.11-1.2mdv2010.0.x86_64.rpm
 eebaba0b5509b21da03a432699198342  2010.0/x86_64/lib64freetype6-devel-2.3.11-1.2mdv2010.0.x86_64.rpm
 90e215bda5483ee6b5d5ca74bfedf7c0  2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 
 3c34f8f0e0352ef0a11c57d4eadc1ccd  2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 437be09971963217a5daef5dc04d451b  2010.1/i586/libfreetype6-2.3.12-1.2mdv2010.1.i586.rpm
 42f5ddeeb25353a9fa20677112e9ae7c  2010.1/i586/libfreetype6-devel-2.3.12-1.2mdv2010.1.i586.rpm
 c77ce226104a1febd22c920c73a807f7  2010.1/i586/libfreetype6-static-devel-2.3.12-1.2mdv2010.1.i586.rpm 
 11f6a185216335c804f0988621dd637c  2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 a4a5170f277a9654f19b208deab8027c  2010.1/x86_64/lib64freetype6-2.3.12-1.2mdv2010.1.x86_64.rpm
 4637ff02b2739b2d29c94333f00ce59e  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.2mdv2010.1.x86_64.rpm
 20a9488e5100b9a4f925fb777e00248d  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 
 11f6a185216335c804f0988621dd637c  2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm

 Corporate 4.0:
 516a71993da7404ae96b14699cb1aa5f  corporate/4.0/i586/libfreetype6-2.1.10-9.11.20060mlcs4.i586.rpm
 839108110543d3243a725c3c2153ea46  corporate/4.0/i586/libfreetype6-devel-2.1.10-9.11.20060mlcs4.i586.rpm
 8c912e309a35917d533fcf3be251f662  corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.11.20060mlcs4.i586.rpm 
 e6e59f81030a80f5a1704f130e34b3ec  corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 cf591c59af6e46e62609ff34892f52d3  corporate/4.0/x86_64/lib64freetype6-2.1.10-9.11.20060mlcs4.x86_64.rpm
 55e0f089dee699185f317e863b12c590  corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm
 7eec0361fb43382f4aa9558e2698af89  corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm 
 e6e59f81030a80f5a1704f130e34b3ec  corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 cfed1363663ad29113cb1655c3e56429  mes5/i586/libfreetype6-2.3.7-1.3mdvmes5.1.i586.rpm
 bfc520ee4832553381a304209442dcc1  mes5/i586/libfreetype6-devel-2.3.7-1.3mdvmes5.1.i586.rpm
 92f6f546f2dad9a2bf7031261079294a  mes5/i586/libfreetype6-static-devel-2.3.7-1.3mdvmes5.1.i586.rpm 
 d32510c26f462ffb120f4c4284f412d4  mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 35c99bfa9c7a0799a4f304d3a2de2f11  mes5/x86_64/lib64freetype6-2.3.7-1.3mdvmes5.1.x86_64.rpm
 9dcb3dfb3769618d8b2c93f3f4ba53db  mes5/x86_64/lib64freetype6-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm
 165edd82ca0492d88d393e8a65ad5869  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm 
 d32510c26f462ffb120f4c4284f412d4  mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMZBO6mqjQ0CJFipgRAvckAKCpFuRGLxgICBqETRTbXhdZpg8RywCgjKjm
46cbqAt0xVJvR5AdhA3z/FY=
=T9it
-----END PGP SIGNATURE-----
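
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the "Updated Packages" checksum list above can be checked with a short script. This is an added example, not part of the Mandriva advisory: the function names are hypothetical, and it assumes the advisory text has been saved to a file whose clearsign signature was already checked with `gpg --verify`. MD5 only catches corruption here; the package's own GPG signature (`rpm --checksig`) remains the trust anchor.

```sh
#!/bin/sh
# Added example: compare downloaded RPMs with the md5 lines of a saved advisory.
# Usage: sh check_advisory.sh ADVISORY.txt DIR_WITH_RPMS

# extract_manifest ADVISORY
# Prints "md5  basename" for each advisory line shaped like
# " <32 hex digits>  <path>.rpm". The SRPM is listed once per architecture,
# so duplicates are collapsed.
extract_manifest() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
        n = split($2, parts, "/")
        print $1 "  " parts[n]
    }' "$1" | sort -u
}

# verify_packages ADVISORY DIR
# Reports OK / MISMATCH / UNLISTED for every .rpm in DIR and returns
# non-zero if any file is mismatched or absent from the advisory.
verify_packages() {
    manifest=$(extract_manifest "$1")
    rc=0
    for f in "$2"/*.rpm; do
        [ -e "$f" ] || continue          # directory holds no .rpm files
        name=$(basename "$f")
        want=$(printf '%s\n' "$manifest" |
               awk -v n="$name" '$2 == n { print $1; exit }')
        have=$(md5sum "$f" | cut -d' ' -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; rc=1
        elif [ "$want" = "$have" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    return $rc
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    verify_packages "$1" "$2"
fi
```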
