Scientific Linux: Important Freetype Security Update Advisory

Date: Tue, 15 Nov 2011 09:25:20 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:

libvirt-0.8.7-18.el6_1.4.i386.rpm
libvirt-client-0.8.7-18.el6_1.4.i386.rpm
libvirt-devel-0.8.7-18.el6_1.4.i386.rpm
libvirt-python-0.8.7-18.el6_1.4.i386.rpm

x86_64:

libvirt-0.8.7-18.el6_1.4.x86_64.rpm
libvirt-client-0.8.7-18.el6_1.4.x86_64.rpm
libvirt-devel-0.8.7-18.el6_1.4.x86_64.rpm
libvirt-python-0.8.7-18.el6_1.4.x86_64.rpm
Date: Thu, 17 Nov 2011 09:37:03 -0600
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: freetype on SL4.x, SL5.x,
 SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Important: freetype security update
Issue Date: 2011-11-16
CVE Numbers: CVE-2011-3439

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Scientific Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Scientific Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed
CID-keyed fonts. If a specially-crafted font file was loaded by an
application linked against FreeType, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2011-3439)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

SL4:
 i386
 freetype-2.1.9-21.el4.i386.rpm
 freetype-debuginfo-2.1.9-21.el4.i386.rpm
 freetype-demos-2.1.9-21.el4.i386.rpm
 freetype-devel-2.1.9-21.el4.i386.rpm
 freetype-utils-2.1.9-21.el4.i386.rpm
 x86_64
 freetype-2.1.9-21.el4.i386.rpm
 freetype-2.1.9-21.el4.x86_64.rpm
 freetype-debuginfo-2.1.9-21.el4.i386.rpm
 freetype-debuginfo-2.1.9-21.el4.x86_64.rpm
 freetype-demos-2.1.9-21.el4.x86_64.rpm
 freetype-devel-2.1.9-21.el4.x86_64.rpm
 freetype-utils-2.1.9-21.el4.x86_64.rpm
SL5:
 i386
 freetype-2.2.1-28.el5_7.2.i386.rpm
 freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm
 freetype-demos-2.2.1-28.el5_7.2.i386.rpm
 freetype-devel-2.2.1-28.el5_7.2.i386.rpm
 x86_64
 freetype-2.2.1-28.el5_7.2.i386.rpm
 freetype-2.2.1-28.el5_7.2.x86_64.rpm
 freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm
 freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm
 freetype-demos-2.2.1-28.el5_7.2.x86_64.rpm
 freetype-devel-2.2.1-28.el5_7.2.i386.rpm
 freetype-devel-2.2.1-28.el5_7.2.x86_64.rpm
SL6:
 i386
 freetype-2.3.11-6.el6_1.8.i686.rpm
 freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm
 freetype-demos-2.3.11-6.el6_1.8.i686.rpm
 freetype-devel-2.3.11-6.el6_1.8.i686.rpm
 x86_64
 freetype-2.3.11-6.el6_1.8.i686.rpm
 freetype-2.3.11-6.el6_1.8.x86_64.rpm
 freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm
 freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm
 freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm
 freetype-devel-2.3.11-6.el6_1.8.i686.rpm
 freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm

- Scientific Linux Development Team