SciLinux: CVE-2007-2754 freetype SL5.x, SL4.x, SL3,x i386/x86_64
Summary
Date: Tue, 12 Jun 2007 16:06:34 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for freetype on SL5.x, SL4.x, SL3,x i386/x86_64
Comments: To: scientific-linux-errata@fnal.gov

Synopsis: Moderate: freetype security update
Issue date: 2007-06-11
CVE Names: CVE-2007-2754

An integer overflow flaw was found in the way the FreeType font engine
processed TTF font files. If a user loaded a carefully crafted font file
with a program linked against FreeType, it could cause the application to
crash or execute arbitrary code. While it is uncommon for a user to
explicitly load a font file, there are several application file formats
which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754)

SL 3.0.x

  SRPMS:
    freetype-2.1.4-7.el3.src.rpm
  i386:
    freetype-2.1.4-7.el3.i386.rpm
    freetype-demos-2.1.4-7.el3.i386.rpm
    freetype-devel-2.1.4-7.el3.i386.rpm
    freetype-utils-2.1.4-7.el3.i386.rpm
  x86_64:
    freetype-2.1.4-7.el3.i386.rpm
    freetype-2.1.4-7.el3.x86_64.rpm
    freetype-demos-2.1.4-7.el3.x86_64.rpm
    freetype-devel-2.1.4-7.el3.x86_64.rpm
    freetype-utils-2.1.4-7.el3.x86_64.rpm

SL 4.x

  SRPMS:
    freetype-2.1.9-6.el4.src.rpm
  i386:
    freetype-2.1.9-6.el4.i386.rpm
    freetype-demos-2.1.9-6.el4.i386.rpm
    freetype-devel-2.1.9-6.el4.i386.rpm
    freetype-utils-2.1.9-6.el4.i386.rpm
  x86_64:
    freetype-2.1.9-6.el4.i386.rpm
    freetype-2.1.9-6.el4.x86_64.rpm
    freetype-demos-2.1.9-6.el4.x86_64.rpm
    freetype-devel-2.1.9-6.el4.x86_64.rpm
    freetype-utils-2.1.9-6.el4.x86_64.rpm

SL 5.x

  SRPMS:
    freetype-2.2.1-19.el5.src.rpm
  i386:
    freetype-2.2.1-19.el5.i386.rpm
    freetype-demos-2.2.1-19.el5.i386.rpm
    freetype-devel-2.2.1-19.el5.i386.rpm
  x86_64:
    freetype-2.2.1-19.el5.i386.rpm
    freetype-2.2.1-19.el5.x86_64.rpm
    freetype-demos-2.2.1-19.el5.x86_64.rpm
    freetype-devel-2.2.1-19.el5.i386.rpm
    freetype-devel-2.2.1-19.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson