Scientific Linux SL6: Important Freetype Security Update

Important: freetype security update
Date: Thu, 3 Mar 2011 15:40:48 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: freetype on SL6.x i386/x86_64
 

Synopsis:	Important: freetype security update
Issue date:	2010-11-10
CVE Names:	CVE-2010-2805 CVE-2010-2806 CVE-2010-2808
 CVE-2010-3311

It was found that the FreeType font rendering engine improperly
validated certain position values when processing input streams. If a
user loaded a specially-crafted font file with an application linked
against FreeType, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-2805, CVE-2010-3311)

A stack-based buffer overflow flaw was found in the way the FreeType
font rendering engine processed some PostScript Type 1 fonts. If a user
loaded a specially-crafted font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2010-2808)

An array index error was found in the way the FreeType font rendering
engine processed certain PostScript Type 42 font files. If a user loaded
a specially-crafted font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2010-2806)

Note: All of the issues in this erratum only affect the FreeType 2 font
engine.

The X server must be restarted (log out, then log back in) for this
update to take effect.

SL 6.x

 SRPMS:
freetype-2.3.11-6.el6_0.1.src.rpm
 i386:
freetype-2.3.11-6.el6_0.1.i686.rpm
freetype-demos-2.3.11-6.el6_0.1.i686.rpm
freetype-devel-2.3.11-6.el6_0.1.i686.rpm
 x86_64:
freetype-2.3.11-6.el6_0.1.i686.rpm
freetype-2.3.11-6.el6_0.1.x86_64.rpm
freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm
freetype-devel-2.3.11-6.el6_0.1.i686.rpm
freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
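
The restart requirement above applies because a process that loaded libfreetype before the update keeps the old copy mapped until it exits. The script below is an added example, not part of the original advisory, and goes beyond the X server to list every process still mapping the replaced library; the function names and the sample tree built by make_demo_proc are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map the
# pre-update libfreetype. When the package is upgraded the old library file is
# unlinked, so a process that loaded it earlier shows the mapping in
# /proc/<pid>/maps with a " (deleted)" suffix until it is restarted.

# maps_has_stale_freetype FILE: succeed if FILE (a /proc/<pid>/maps listing)
# contains a libfreetype mapping marked as deleted.
maps_has_stale_freetype() {
    grep -Eq '/libfreetype\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# list_stale_freetype [PROCROOT]: print "PID COMMAND" for every process under
# PROCROOT (default /proc) that still maps a deleted libfreetype.
list_stale_freetype() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        maps_has_stale_freetype "$maps" || continue
        dir=${maps%/maps}
        name=$(cat "$dir/comm" 2>/dev/null) || name='?'
        printf '%s %s\n' "${dir##*/}" "$name"
    done
}

# make_demo_proc DIR: build a constructed two-process /proc-like tree in DIR
# (sample data for illustration; PIDs, addresses and paths are made up).
make_demo_proc() {
    mkdir -p "$1/101" "$1/202"
    echo Xorg > "$1/101/comm"
    echo bash > "$1/202/comm"
    cat > "$1/101/maps" <<'EOF'
7f3a10000000-7f3a10090000 r-xp 00000000 fd:00 131 /usr/lib64/libfreetype.so.6.3.22 (deleted)
7f3a20000000-7f3a20180000 r-xp 00000000 fd:00 140 /lib64/libc-2.12.so
EOF
    cat > "$1/202/maps" <<'EOF'
7f3b10000000-7f3b10090000 r-xp 00000000 fd:00 977 /usr/lib64/libfreetype.so.6.3.22
EOF
}

# Run as root to see every process; an empty result means nothing is stale.
list_stale_freetype "${1:-/proc}"
```

Any process the script lists is still running the unpatched FreeType code and needs a restart.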