Debian: New freetype packages fix multiple vulnerabilities

    Date: 10 Sep 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    An integer overflow allows context-dependent attackers to execute arbitrary code via a crafted set of values within the Private dictionary table in a Printer Font Binary (PFB) file.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1635-1
    http://www.debian.org/security/                               Steve Kemp
    September 10, 2008                   http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : freetype
    Vulnerability  : multiple
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2008-1806 CVE-2008-1807 CVE-2008-1808
    
    Several local vulnerabilities have been discovered in freetype,
    a FreeType 2 font engine, which could allow the execution of arbitrary
    code.
    
    The Common Vulnerabilities and Exposures project identifies the
    following problems:
    
    CVE-2008-1806
        An integer overflow allows context-dependent attackers to execute
        arbitrary code via a crafted set of values within the Private
        dictionary table in a Printer Font Binary (PFB) file.
    
    CVE-2008-1807
        The handling of an invalid "number of axes" field in the PFB file could
        trigger the freeing of arbitrary memory locations, leading to
        memory corruption.
    
    CVE-2008-1808
        Multiple off-by-one errors allowed the execution of arbitrary code
        via malformed tables in PFB files, or invalid SHC instructions in
        TTF files.
    
    
    For the stable distribution (etch), these problems have been fixed in version
    2.2.1-5+etch3.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.3.6-1.
    
    We recommend that you upgrade your freetype package.
    
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main