Message-ID: <20060608143303.GH5127@piware.de>
Date: Thu Jun  8 15:33:15 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-291-1] FreeType vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-291-1              June 08, 2006
freetype vulnerabilities
CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libfreetype6                   2.1.7-2.3ubuntu0.1

Ubuntu 5.10:
  libfreetype6                   2.1.7-2.4ubuntu1.1

Ubuntu 6.06 LTS:
  libfreetype6                   2.1.10-1ubuntu2.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Several integer overflows have been discovered in the FreeType
library. By tricking a user into installing and/or opening a specially
crafted font file, these could be exploited to execute arbitrary code
with the privileges of that user.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.3ubuntu0.1.diff.gz
      Size/MD5:    55085 0be8f928fd34db525db66f8cd07f79e2
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.3ubuntu0.1.dsc
      Size/MD5:      695 55710d777fdc8cee093e4eb17d03b8e4
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7.orig.tar.gz
      Size/MD5:  1245623 991ff86e88b075ba363e876f4ea58680

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.3ubuntu0.1_amd64.deb
      Size/MD5:    76248 654defa84e451a720843e160d9e0ad4b
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.3ubuntu0.1_amd64.deb
      Size/MD5:   723698 ac752c537fcd86b0e15366f75237c8c4
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.3ubuntu0.1_amd64.udeb
      Size/MD5:   238246 7bcc9b311d84ac923693484563415fc0
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.3ubuntu0.1_amd64.deb
      Size/MD5:   389494 0c1c61803010adc6ac4303e0ed34cab4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.3ubuntu0.1_i386.deb
      Size/MD5:    57070 96143b6b668cdf1301a1f0d8cb935f38
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.3ubuntu0.1_i386.deb
      Size/MD5:   688162 c16278b396bc6a3932e6488f6a4302d6
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.3ubuntu0.1_i386.udeb
      Size/MD5:   208092 ce4669a078ce4c5cd25e53e372fbc0f2
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.3ubuntu0.1_i386.deb
      Size/MD5:   358818 1e05d62b7c8fd3ed25ce9590289038b7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.3ubuntu0.1_powerpc.deb
      Size/MD5:    81974 261cb107a20048a653b7363e5e763095
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.3ubuntu0.1_powerpc.deb
      Size/MD5:   730026 45f7603197520093383be1bc4ef71768
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.3ubuntu0.1_powerpc.udeb
      Size/MD5:   227736 82ba5fdb752f1e14a168356eb58040d4
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.3ubuntu0.1_powerpc.deb
      Size/MD5:   378628 560ddb84ab50151db4950def5ca94f20

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.4ubuntu1.1.diff.gz
      Size/MD5:    56497 c0d09dab367b91d60391bfbe1614a751
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.4ubuntu1.1.dsc
      Size/MD5:      695 baa464576ecff8f71180b69c43f3d3d7
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7.orig.tar.gz
      Size/MD5:  1245623 991ff86e88b075ba363e876f4ea58680

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.1_amd64.deb
      Size/MD5:    75536 763397ace4438b17c1d553e742164392
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.1_amd64.deb
      Size/MD5:   722918 ab4ac77fc4c341c5b9e3e5d8b7cd03ad
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.1_amd64.udeb
      Size/MD5:   241670 71a3a0944b74daf49d428096258481d4
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.1_amd64.deb
      Size/MD5:   392814 ac0b9929a7839fe770b81d8934811f91

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.1_i386.deb
      Size/MD5:    52860 a37576a3dbe5adfed3a05c4fbddb19b2
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.1_i386.deb
      Size/MD5:   686328 4f072876bcec9df39915a566ac49e2a2
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.1_i386.udeb
      Size/MD5:   209218 a9d8c9cab213fbe51a8eef52a4267ea8
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.1_i386.deb
      Size/MD5:   361040 66daf7be5122e8369b7085911474324c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.1_powerpc.deb
      Size/MD5:    80650 225e45de7b0bef7738099c6ab540d837
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.1_powerpc.deb
      Size/MD5:   729230 389b6d1fff87a233ac1069f2f6e8eeda
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.1_powerpc.udeb
      Size/MD5:   230578 78766403e83e824b01f3766536aef1b6
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.1_powerpc.deb
      Size/MD5:   382364 042a895f84a516016cf9bf7356c2b447

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.1.diff.gz
      Size/MD5:    58558 79b6094aa1485cb4b51492a694ad2467
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.1.dsc
      Size/MD5:      712 6618f5ae25407290002cd630a1cb192c
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
      Size/MD5:  1323617 adf145ce51196ad1b3054d5fb032efe6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.1_amd64.deb
      Size/MD5:   133860 b0e59ff50e7416e9a2c4fc8ba1788c9e
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.1_amd64.deb
      Size/MD5:   717390 0fcd39ae070d8a8430a8cd543ce8b704
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.1_amd64.udeb
      Size/MD5:   251578 1fb9bc4ea48ec0ae313ccd5c8168dcbc
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.1_amd64.deb
      Size/MD5:   439670 fad383210a9aa49c63860ad8a1e289e7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.1_i386.deb
      Size/MD5:   117362 a685d9019bb23650e2f283dd059ed095
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.1_i386.deb
      Size/MD5:   677390 7e56e5fd91125b15d28f59f15bb38689
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.1_i386.udeb
      Size/MD5:   227202 6655ab5bcef72341109e6a9ac070a945
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.1_i386.deb
      Size/MD5:   415304 a3cd03083f522a103c4580cbfc335297

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.1_powerpc.deb
      Size/MD5:   134240 47d1ce7690132ebaf7e0f434a0f0b25a
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.1_powerpc.deb
      Size/MD5:   708398 f76b4949a148fe47b55fe17de22ccc64
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.1_powerpc.udeb
      Size/MD5:   241400 7837a5d97bba618e35fcfc085e91e9ae
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.1_powerpc.deb
      Size/MD5:   429784 93f21b206f517f81b6498fe791e5ef3a
