Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat: RHSA-2009:1062-01 Important: Freetype Integer Overflow Risk

red hat
Calendar Grey May 22, 2009
Dist Redhat Esm H88
Significant freetype patch released for Red Hat, featuring vital security remedies for critical integer overflow vulnerabilities.
Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by th...

Solution

Summary

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.
Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946)
Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861)
An integer overflow flaw was found in the way the FreeType font engine processed TrueType

References

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2009:1062-01
Product: Red Hat Enterprise Linux
Issue date: 2009-05-22

Topic

Updated freetype packages that fix various security issues are nowavailable for Red Hat Enterprise Linux 2.1.This update has been rated as having important security impact by the RedHat Security Response Team.

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here