Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Scientific Linux: Important Freetype Update for SL5.x and SL6.x

Scientific Large Esm H446
Important: freetype security update
Date: Wed, 11 Apr 2012 09:05:35 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Patrick Riehecky 
Subject: Security ERRATA Important: freetype on SL5.x, SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Important: freetype security update
Issue Date: 2012-04-10
CVE Numbers: CVE-2012-1126
 CVE-2012-1127
 CVE-2012-1130
 CVE-2012-1131
 CVE-2012-1132
 CVE-2012-1134
 CVE-2012-1136
 CVE-2012-1137
 CVE-2012-1139
 CVE-2012-1140
 CVE-2012-1141
 CVE-2012-1142
 CVE-2012-1143
 CVE-2012-1144

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.

Multiple flaws were found in the way FreeType handled TrueType Font (TTF),
Glyph Bitmap Distribution Format (BDF), Windows.fnt and.fon, and
PostScript Type 1 fonts. If a specially-crafted font file was loaded by an
application linked against FreeType, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,
CVE-2012-1144)

Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially-crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash.
(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,
CVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

SL5:
 i386
 freetype-2.2.1-31.el5_8.1.i386.rpm
 freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm
 freetype-demos-2.2.1-31.el5_8.1.i386.rpm
 freetype-devel-2.2.1-31.el5_8.1.i386.rpm
 x86_64
 freetype-2.2.1-31.el5_8.1.i386.rpm
 freetype-2.2.1-31.el5_8.1.x86_64.rpm
 freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm
 freetype-debuginfo-2.2.1-31.el5_8.1.x86_64.rpm
 freetype-demos-2.2.1-31.el5_8.1.x86_64.rpm
 freetype-devel-2.2.1-31.el5_8.1.i386.rpm
 freetype-devel-2.2.1-31.el5_8.1.x86_64.rpm
SL6:
 i386
 freetype-2.3.11-6.el6_2.9.i686.rpm
 freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm
 freetype-demos-2.3.11-6.el6_2.9.i686.rpm
 freetype-devel-2.3.11-6.el6_2.9.i686.rpm
 x86_64
 freetype-2.3.11-6.el6_2.9.i686.rpm
 freetype-2.3.11-6.el6_2.9.x86_64.rpm
 freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm
 freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm
 freetype-demos-2.3.11-6.el6_2.9.x86_64.rpm
 freetype-devel-2.3.11-6.el6_2.9.i686.rpm
 freetype-devel-2.3.11-6.el6_2.9.x86_64.rpm

- Scientific Linux Development Team