Debian: DSA-2105-1: New freetype packages fix several vulnerabilities

    Date07 Sep 2010
    CategoryDebian
    69
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2105-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                        Giuseppe Iuculano
    September 07, 2010                    http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : freetype
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806
                     CVE-2010-2807 CVE-2010-2808 CVE-2010-3053
    
    
    Several vulnerabilities have been discovered in the FreeType font 
    library. The Common Vulnerabilities and Exposures project identifies the
    following problems:
    
    CVE-2010-1797
    
      Multiple stack-based buffer overflows in the 
      cff_decoder_parse_charstrings function in the CFF Type2 CharStrings
      interpreter in cff/cffgload.c in FreeType allow remote attackers to
      execute arbitrary code or cause a denial of service (memory
      corruption) via crafted CFF opcodes in embedded fonts in a PDF
      document, as demonstrated by JailbreakMe.
    
    CVE-2010-2541
    
      Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType
      allows remote attackers to cause a denial of service (application
      crash) or possibly execute arbitrary code via a crafted font file.
    
    CVE-2010-2805
    
      The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does
      not properly validate certain position values, which allows remote
      attackers to cause a denial of service (application crash) or
      possibly execute arbitrary code via a crafted font file
    
    CVE-2010-2806
    
      Array index error in the t42_parse_sfnts function in
      type42/t42parse.c in FreeType allows remote attackers to cause a
      denial of service (application crash) or possibly execute arbitrary
      code via negative size values for certain strings in FontType42 font
      files, leading to a heap-based buffer overflow.
    
    CVE-2010-2807
    
      FreeType uses incorrect integer data types during bounds checking,
      which allows remote attackers to cause a denial of service
      (application crash) or possibly execute arbitrary code via a crafted
      font file.
    
    CVE-2010-2808
    
      Buffer overflow in the Mac_Read_POST_Resource function in
      base/ftobjs.c in FreeType allows remote attackers to cause a denial
      of service (memory corruption and application crash) or possibly
      execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka
      LWFN) font.
    
    CVE-2010-3053
    
      bdf/bdflib.c in FreeType allows remote attackers to cause a denial of
      service (application crash) via a crafted BDF font file, related to
      an attempted modification of a value in a static string.
    
    
    For the stable distribution (lenny), these problems have been fixed in
    version 2.3.7-2+lenny3
    
    For the unstable distribution (sid) and the testing distribution
    (squeeze), these problems have been fixed in version 2.4.2-1
    
    
    We recommend that you upgrade your freetype package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz
        Size/MD5 checksum:    39230 95a3841e7258573ca2d3e0075b8e7f73
      http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
        Size/MD5 checksum:  1567540 c1a9f44fde316470176fd6d66af3a0e8
      http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc
        Size/MD5 checksum:     1219 2a2bf3d4568d92e2a48ebcda38140e73
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb
        Size/MD5 checksum:   775278 2f2ca060588fc33b6d7baae02201dbd2
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb
        Size/MD5 checksum:   412188 ad9537e93ed3fb61f9348470940f3ce5
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb
        Size/MD5 checksum:   296592 e689b1c4b6bd7779e44d1cd641be9622
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb
        Size/MD5 checksum:   253786 287a98ca57139d4dee8041eba2881e3b
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb
        Size/MD5 checksum:   713260 f1d4002e7b6d185ff9f46bc25d67c4c9
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb
        Size/MD5 checksum:   223170 cb00f76d826be115243faa9dfd0b8a91
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb
        Size/MD5 checksum:   269796 40762e686138c27ac92b20174e67012e
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb
        Size/MD5 checksum:   385848 0294d7e3e1d6b37532f98344a9849cde
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb
        Size/MD5 checksum:   686154 fbe32c7124ba2ce093b31f46736e002b
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb
        Size/MD5 checksum:   357158 0d793d543a33cfa192098234c925d639
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb
        Size/MD5 checksum:   242196 1cfc9f7dc6a7cd0843aa234bab35b69e
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb
        Size/MD5 checksum:   205120 39ab4dfbc19c8a63affc493e0b5aaf2d
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb
        Size/MD5 checksum:   684568 325686fbc2fba7687da424ada57b9419
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb
        Size/MD5 checksum:   209992 69f6a68fb90658ec74dfd7cc7cc0b766
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb
        Size/MD5 checksum:   236564 a48afca5c6798d16b140b3362dfac0ca
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb
        Size/MD5 checksum:   353814 76960109910d6de2f74ec0e345f00854
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb
        Size/MD5 checksum:   254452 a34af74eda0feb2b763cfc6f5b8330c1
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb
        Size/MD5 checksum:   371586 ec294ffffeb9ddec389e3e988d880534
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb
        Size/MD5 checksum:   198558 3283ad058d37eed8bca46df743c6a915
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb
        Size/MD5 checksum:   684624 014d335b35ed41022adb628796a0c122
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb
        Size/MD5 checksum:   332160 2dbb364f09414e4b0e0f59d9e91d1edc
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb
        Size/MD5 checksum:   876692 2f6d3421d6c8424523388347c5640666
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb
        Size/MD5 checksum:   531496 5dd7755f63271f597b64c3f513e8e7f1
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb
        Size/MD5 checksum:   415934 ea2ba16157b3504d8b9c8f251b69b16f
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb
        Size/MD5 checksum:   717022 9ee8c246af10f4bf7cdf5cdc54010dd6
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb
        Size/MD5 checksum:   213212 3641ad81738e8935c5df2b648383c8e0
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb
        Size/MD5 checksum:   369018 18559e273ffcea5614e71ab32b95ef47
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb
        Size/MD5 checksum:   253924 1be1e224f27a780beb6799d55fa74663
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb
        Size/MD5 checksum:   369772 6181d98166fe1f004fb033f2665ce4af
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb
        Size/MD5 checksum:   214802 6edbec67ff79e96921d1fe4bf57b0fce
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb
        Size/MD5 checksum:   712502 4a99ccc68b1913f88901c5e0686fea4f
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb
        Size/MD5 checksum:   254212 e30825a94175fd78a561b8365392cbad
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb
        Size/MD5 checksum:   262804 d35ced8ba625f39dc7a04e3e61e0d49d
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb
        Size/MD5 checksum:   233882 6e294c19dd0109ee80fe6cd401b6a185
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb
        Size/MD5 checksum:   378612 c96a180e7132c543396486b14107cdad
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb
        Size/MD5 checksum:   708212 9602a7786b2ebffd1d75d443901574c5
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb
        Size/MD5 checksum:   225190 393c9515f7cd89bcd8b0c38d6d6dd7ac
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb
        Size/MD5 checksum:   384160 4e20bc56e5fc65fb08529d8765d28850
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb
        Size/MD5 checksum:   698798 f589b6b8882d998bb7b89fa1dfa40b3a
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb
        Size/MD5 checksum:   268272 7b6511b9ad657aa165e906a4fcbfee11
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb
        Size/MD5 checksum:   200078 29c1833cbde5b4da5c2e35aaf856ab58
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb
        Size/MD5 checksum:   235424 e64a8fc3b744253b22161e31fbb6e92a
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb
        Size/MD5 checksum:   352544 a7f480889460b104bbab16fd8d8da2d5
      http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb
        Size/MD5 checksum:   676520 6d0f57a5bd6457a9b9b85271c7001531
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    Advisories

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.