Debian: New freetype packages fix arbitrary code execution

    Date: 18 Jul 2007
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1334
    http://www.debian.org/security/                               Steve Kemp
    July 18th, 2007
    - ------------------------------------------------------------------------
    
    Package        : freetype
    Vulnerability  : integer overflow
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2007-2754
    Debian Bug     : 425625
    
    
    A problem was discovered with freetype, a FreeType2 font engine, which
    could allow the execution of arbitrary code via an integer overflow in
    specially crafted TTF files.
    
    For the old stable distribution (sarge), this problem has been fixed in
    version 2.1.7-8.
    
    We recommend that you upgrade your freetype package.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
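
For the manual wget / dpkg -i path above, a pre-install check, added here as an example and not part of the advisory: it parses entries in the "URL, then Size/MD5 checksum:" layout that Debian advisories use for their package lists and verifies a downloaded file against them. The function names, the mirror.example URL and the demo file are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# One entry in the advisory layout: a URL line, then "Size/MD5 checksum: <size> <md5>".
ENTRY = re.compile(
    r"^\s*(?P<url>\S+://\S+)\s*\n"
    r"\s*Size/MD5 checksum:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s*$",
    re.MULTILINE,
)

def parse_manifest(text):
    """Map each file name (last URL component) to its expected (size, md5)."""
    return {
        m["url"].rsplit("/", 1)[-1]: (int(m["size"]), m["md5"])
        for m in ENTRY.finditer(text)
    }

def verify(path, manifest):
    """Return (ok, reason) for a downloaded file checked against the manifest."""
    name = os.path.basename(path)
    if name not in manifest:
        return False, "not listed in advisory"
    want_size, want_md5 = manifest[name]
    if os.path.getsize(path) != want_size:
        return False, "size mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != want_md5:
        return False, "MD5 mismatch"
    return True, "ok"

if __name__ == "__main__":
    # Constructed demo: a stand-in file and a manifest entry built to match it.
    payload = b"constructed stand-in for a .deb\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example_1.0-1_all.deb")
        with open(path, "wb") as fh:
            fh.write(payload)
        text = (
            "  http://mirror.example/pool/example_1.0-1_all.deb\n"
            f"    Size/MD5 checksum:    {len(payload)} {hashlib.md5(payload).hexdigest()}\n"
        )
        print(verify(path, parse_manifest(text)))
```

A matching size and MD5 only shows that the file agrees with the listing; the listing itself is trustworthy only once the PGP signature on the advisory has been verified.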
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main