Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Ubuntu 11.04 & 10.10: 1173-1 Critical FreeType Code Execution Risk

Calendar Jul 25, 2011 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution ubuntu freetype font handling
FreeType could be made to run programs as your login if it opened a specially crafted font file. 
=========================================================================Ubuntu Security Notice USN-1173-1
July 25, 2011

freetype vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10

Summary:

FreeType could be made to run programs as your login if it opened a
specially crafted font file.

Software Description:
- freetype: FreeType 2 is a font engine library

Details:

It was discovered that FreeType did not correctly handle certain malformed
Type 1 font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  libfreetype6                    2.4.4-1ubuntu2.1

Ubuntu 10.10:
  libfreetype6                    2.4.2-2ubuntu0.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1173-1
  CVE-2011-0226

Package Information:
  https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.2

Ubuntu 11.04 & 10.10: 1173-1 Critical FreeType Code Execution Risk

ubuntu
Calendar Grey July 25, 2011
Dist Ubuntu Esm H88
Critical security flaw in FreeType permits remote code execution through maliciously designed font files on Ubuntu platforms.
FreeType could be made to run programs as your login if it opened a specially crafted font file.

Summary

Topics%20covered

Topics Covered

security advisory critical code execution ubuntu freetype font handling

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libfreetype6 2.4.4-1ubuntu2.1 Ubuntu 10.10: libfreetype6 2.4.2-2ubuntu0.2 After a standard system update you need to restart your session to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1173-1

CVE-2011-0226

Severity
critical
Lowest
Low
Medium
High
Critical

July 25, 2011

Topics%20covered

Topics Covered

security advisory critical code execution ubuntu freetype font handling

Package Information

https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.1 https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here