Date:         Mon, 23 Jun 2008 14:18:34 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for freetype on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: freetype security update
Issue date:	2008-06-20
CVE Names:	CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and
TrueType Font (TTF) font-file format parsers. If a user loaded a carefully
crafted font-file with a program linked against FreeType, it could cause
the application to crash, or possibly execute arbitrary code.
(CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)

Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,
covered by CVE-2008-1808, did not affect the freetype packages as shipped
in Scientific Linux 3, 4, and 5, as they are not compiled with TTF
Byte Code Interpreter (BCI) support.


SL 3.0.x

      SRPMS:
freetype-2.1.4-8.el3.src.rpm
      i386:
freetype-2.1.4-8.el3.i386.rpm
freetype-demos-2.1.4-8.el3.i386.rpm
freetype-devel-2.1.4-8.el3.i386.rpm
freetype-utils-2.1.4-8.el3.i386.rpm
      x86_64:
freetype-2.1.4-8.el3.i386.rpm
freetype-2.1.4-8.el3.x86_64.rpm
freetype-demos-2.1.4-8.el3.x86_64.rpm
freetype-devel-2.1.4-8.el3.x86_64.rpm
freetype-utils-2.1.4-8.el3.x86_64.rpm

SL 4.x

      SRPMS:
freetype-2.1.9-7.el4.6.src.rpm
      i386:
freetype-2.1.9-7.el4.6.i386.rpm
freetype-demos-2.1.9-7.el4.6.i386.rpm
freetype-devel-2.1.9-7.el4.6.i386.rpm
freetype-utils-2.1.9-7.el4.6.i386.rpm
      x86_64:
freetype-2.1.9-7.el4.6.i386.rpm
freetype-2.1.9-7.el4.6.x86_64.rpm
freetype-demos-2.1.9-7.el4.6.x86_64.rpm
freetype-devel-2.1.9-7.el4.6.x86_64.rpm
freetype-utils-2.1.9-7.el4.6.x86_64.rpm

SL 5.x

      SRPMS:
freetype-2.2.1-20.el5_2.src.rpm
      i386:
freetype-2.2.1-20.el5_2.i386.rpm
freetype-demos-2.2.1-20.el5_2.i386.rpm
freetype-devel-2.2.1-20.el5_2.i386.rpm
      x86_64:
freetype-2.2.1-20.el5_2.i386.rpm
freetype-2.2.1-20.el5_2.x86_64.rpm
freetype-demos-2.2.1-20.el5_2.x86_64.rpm
freetype-devel-2.2.1-20.el5_2.i386.rpm
freetype-devel-2.2.1-20.el5_2.x86_64.rpm

-Connie Sieh
-Troy Dawson
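
An added example, not part of the original erratum or of any Scientific Linux tooling: a Python check that compares an installed freetype version-release string against the fixed builds listed above. The comparison is a simplified form of rpm's segment ordering (no epoch or tilde handling), and the host names and older release strings in the sample inventory are constructed for illustration.

```python
import re

# Fixed builds copied from the package lists in this erratum, keyed by SL major release.
FIXED = {3: "2.1.4-8.el3", 4: "2.1.9-7.el4.6", 5: "2.2.1-20.el5_2"}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm-style comparison of one version or release string.
    Returns -1, 0 or 1. Assumption: no epoch, tilde or caret in the input."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # compare numerically: 10 > 9
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed_vr, sl_major):
    """installed_vr is the output of:
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' freetype"""
    inst_ver, inst_rel = installed_vr.rsplit("-", 1)
    fix_ver, fix_rel = FIXED[sl_major].rsplit("-", 1)
    result = rpmvercmp(inst_ver, fix_ver)
    if result == 0:
        result = rpmvercmp(inst_rel, fix_rel)
    return result >= 0

def unpatched(inventory):
    """Return the hosts whose freetype is older than the fixed build."""
    return [host for host, major, vr in inventory if not is_patched(vr, major)]

# Constructed sample inventory: (host, SL major release, installed version-release).
SAMPLE = [
    ("node01", 5, "2.2.1-20.el5_2"),
    ("node02", 5, "2.2.1-19.el5"),
    ("node03", 4, "2.1.9-6.el4"),
    ("node04", 4, "2.1.10-1.el4"),
    ("node05", 3, "2.1.4-8.el3"),
]

if __name__ == "__main__":
    print("Hosts still needing the freetype update:", unpatched(SAMPLE))
```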
