Stay Vigilant with Timely Linux Security Advisories

security advisorysecurity updatedebian

Debian 8: DLA-1887-1 Moderate: Freetype Buffer Over-Read Fix

A buffer over-read in the t1-parser of freetype, a font engine, has been found and fixed by checking limits more sensible. . Package : freetype Version : 2.5.2-3+deb8u3 CVE ID : CVE-2015-9290 A buffer over-read in the t1-parser of freetype, a font engine, has been found and fixed by checking limits more sensible. For Debian 8 "Jessie", this problem has been fixed in version 2.5.2-3+deb8u3. We recommend that you upgrade your freetype packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A vulnerability patch in freetype for Debian 8, enhancing safety and software reliability.. freetype security, Debian update, buffer over-read, font engine fix, security patch. . LinuxSecurity.com Team

Aug 15, 2019 Debian LTS

security advisoryRed Hatcritical

Red Hat: RHSA-2013:0216-01 Critical: Freetype Buffer Over-read

Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: freetype security update Advisory ID: RHSA-2013:0216-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0216.html Issue date: 2013-01-31 CVE Names: CVE-2012-5669 ==================================================================== 1. Summary: Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format (BDF) fonts.If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5669) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 890088 - CVE-2012-5669 freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#37906) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: freetype-2.2.1-32.el5_9.1.i386.rpm freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm x86_64: freetype-2.2.1-32.el5_9.1.i386.rpm freetype-2.2.1-32.el5_9.1.x86_64.rpm freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm freetype-debuginfo-2.2.1-32.el5_9.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm freetype-demos-2.2.1-32.el5_9.1.i386.rpm freetype-devel-2.2.1-32.el5_9.1.i386.rpm x86_64: freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm freetype-debuginfo-2.2.1-32.el5_9.1.x86_64.rpm freetype-demos-2.2.1-32.el5_9.1.x86_64.rpm freetype-devel-2.2.1-32.el5_9.1.i386.rpm freetype-devel-2.2.1-32.el5_9.1.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: freetype-2.2.1-32.el5_9.1.i386.rpm freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm freetype-demos-2.2.1-32.el5_9.1.i386.rpm freetype-devel-2.2.1-32.el5_9.1.i386.rpm ia64: freetype-2.2.1-32.el5_9.1.i386.rpm freetype-2.2.1-32.el5_9.1.ia64.rpm freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm freetype-debuginfo-2.2.1-32.el5_9.1.ia64.rpm freetype-demos-2.2.1-32.el5_9.1.ia64.rpm freetype-devel-2.2.1-32.el5_9.1.ia64.rpm ppc: freetype-2.2.1-32.el5_9.1.ppc.rpm freetype-2.2.1-32.el5_9.1.ppc64.rpm freetype-debuginfo-2.2.1-32.el5_9.1.ppc.rpm freetype-debuginfo-2.2.1-32.el5_9.1.ppc64.rpm freetype-demos-2.2.1-32.el5_9.1.ppc.rpm freetype-devel-2.2.1-32.el5_9.1.ppc.rpm freetype-devel-2.2.1-32.el5_9.1.ppc64.rpm s390x: freetype-2.2.1-32.el5_9.1.s390.rpm freetype-2.2.1-32.el5_9.1.s390x.rpm freetype-debuginfo-2.2.1-32.el5_9.1.s390.rpm freetype-debuginfo-2.2.1-32.el5_9.1.s390x.rpm freetype-demos-2.2.1-32.el5_9.1.s390x.rpm freetype-devel-2.2.1-32.el5_9.1.s390.rpm freetype-devel-2.2.1-32.el5_9.1.s390x.rpm x86_64: freetype-2.2.1-32.el5_9.1.i386.rpm freetype-2.2.1-32.el5_9.1.x86_64.rpm freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm freetype-debuginfo-2.2.1-32.el5_9.1.x86_64.rpm freetype-demos-2.2.1-32.el5_9.1.x86_64.rpm freetype-devel-2.2.1-32.el5_9.1.i386.rpm freetype-devel-2.2.1-32.el5_9.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: i386: freetype-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm x86_64: freetype-2.3.11-14.el6_3.1.i686.rpm freetype-2.3.11-14.el6_3.1.x86_64.rpm freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v.6): Source: i386: freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-demos-2.3.11-14.el6_3.1.i686.rpm freetype-devel-2.3.11-14.el6_3.1.i686.rpm x86_64: freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm freetype-demos-2.3.11-14.el6_3.1.x86_64.rpm freetype-devel-2.3.11-14.el6_3.1.i686.rpm freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: freetype-2.3.11-14.el6_3.1.i686.rpm freetype-2.3.11-14.el6_3.1.x86_64.rpm freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: x86_64: freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm freetype-demos-2.3.11-14.el6_3.1.x86_64.rpm freetype-devel-2.3.11-14.el6_3.1.i686.rpm freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: freetype-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-devel-2.3.11-14.el6_3.1.i686.rpm ppc64: freetype-2.3.11-14.el6_3.1.ppc.rpm freetype-2.3.11-14.el6_3.1.ppc64.rpm freetype-debuginfo-2.3.11-14.el6_3.1.ppc.rpm freetype-debuginfo-2.3.11-14.el6_3.1.ppc64.rpm freetype-devel-2.3.11-14.el6_3.1.ppc.rpm freetype-devel-2.3.11-14.el6_3.1.ppc64.rpm s390x: freetype-2.3.11-14.el6_3.1.s390.rpm freetype-2.3.11-14.el6_3.1.s390x.rpm freetype-debuginfo-2.3.11-14.el6_3.1.s390.rpm freetype-debuginfo-2.3.11-14.el6_3.1.s390x.rpm freetype-devel-2.3.11-14.el6_3.1.s390.rpm freetype-devel-2.3.11-14.el6_3.1.s390x.rpm x86_64: freetype-2.3.11-14.el6_3.1.i686.rpm freetype-2.3.11-14.el6_3.1.x86_64.rpm freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm freetype-devel-2.3.11-14.el6_3.1.i686.rpm freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): Source: i386: freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-demos-2.3.11-14.el6_3.1.i686.rpm ppc64: freetype-debuginfo-2.3.11-14.el6_3.1.ppc64.rpm freetype-demos-2.3.11-14.el6_3.1.ppc64.rpm s390x: freetype-debuginfo-2.3.11-14.el6_3.1.s390x.rpm freetype-demos-2.3.11-14.el6_3.1.s390x.rpm x86_64: freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm freetype-demos-2.3.11-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: freetype-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-devel-2.3.11-14.el6_3.1.i686.rpm x86_64: freetype-2.3.11-14.el6_3.1.i686.rpm freetype-2.3.11-14.el6_3.1.x86_64.rpm freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm freetype-devel-2.3.11-14.el6_3.1.i686.rpm freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm freetype-demos-2.3.11-14.el6_3.1.i686.rpm x86_64: freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm freetype-demos-2.3.11-14.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2012-5669 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. . Newly released freetype updates have been issued to address a critical vulnerability in Red Hat Enterprise Linux versions 5 and 6.. Freetype Update, Red Hat Advisory, Security Impact, Software Vulnerability. . Severity: Important. LinuxSecurity.com Team

Jan 31, 2013 •Important Red Hat

security advisorycode executioninput validation

Scientific Linux: Important Freetype Security Update Advisory

Important: freetype security update. Date: Tue, 15 Nov 2011 09:25:20 -0600 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: FASTBUGS for SL 6x i386, x86_64 now available MIME-Version: 1.0 The following FASTBUGS have been uploaded to i386: libvirt-0.8.7-18.el6_1.4.i386.rpm libvirt-client-0.8.7-18.el6_1.4.i386.rpm libvirt-devel-0.8.7-18.el6_1.4.i386.rpm libvirt-python-0.8.7-18.el6_1.4.i386.rpm x86_64: libvirt-0.8.7-18.el6_1.4.x86_64.rpm libvirt-client-0.8.7-18.el6_1.4.x86_64.rpm libvirt-devel-0.8.7-18.el6_1.4.x86_64.rpm libvirt-python-0.8.7-18.el6_1.4.x86_64.rpm Date: Thu, 17 Nov 2011 09:37:03 -0600 Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it. Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Important: freetype on SL4.x, SL5.x, SL6.x i386/x86_64 Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it. Synopsis: Important: freetype security update Issue Date: 2011-11-16 CVE Numbers: CVE-2011-3439 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Scientific Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Scientific Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3439) Note: These issues only affected the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. SL4: i386 freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm x86_64 freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm SL5: i386 freetype-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-demos-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm x86_64 freetype-2.2.1-28.el5_7.2.i386.rpm freetype-2.2.1-28.el5_7.2.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm freetype-demos-2.2.1-28.el5_7.2.x86_64.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.x86_64.rpm SL6: i386 freetype-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-demos-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm x86_64 freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm - Scientific Linux Development Team . Important freetype patch for Scientific Linux fixes significant security vulnerabilities and offers essential package enhancements.. Freetype Update, Important Security Fix, Scientific Linux Advisory. . Severity: Important. LinuxSecurity.com Team

Nov 17, 2011 •Important Scientific Linux

security advisorymoderatebuffer overflow

Scientific Linux 4.x Moderate Update for freetype - Buffer Overflow Risk

Moderate: freetype security update. Date: Tue, 16 Aug 2011 10:28:43 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: freetype on SL4.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." MIME-Version: 1.0 Synopsis: Moderate: freetype security update Issue Date: 2011-08-15 CVE Numbers: CVE-2011-2895 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. A buffer overflow flaw was found in the way the FreeType library handled malformed font files compressed using UNIX compress. If a user loaded a specially-crafted compressed font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2895) Note: This issue only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect. SL4: i386 freetype-2.1.9-19.el4.i386.rpm freetype-demos-2.1.9-19.el4.i386.rpm freetype-devel-2.1.9-19.el4.i386.rpm freetype-utils-2.1.9-19.el4.i386.rpm x86_64 freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.x86_64.rpm freetype-demos-2.1.9-19.el4.x86_64.rpm freetype-devel-2.1.9-19.el4.x86_64.rpm freetype-utils-2.1.9-19.el4.x86_64.rpm - Scientific Linux Development Team . Cautious freetype security notice for CentOS addresses critical buffer overflow issue in typography engine, installation of the update is crucial for protection.. freetype Security Patch, Scientific Linux Update, Moderate Security Advisory, Buffer Overflow Issue. . Severity: Important. LinuxSecurity.com Team

Aug 16, 2011 •Important Scientific Linux

security advisorybuffer overflowRed Hat Enterprise Linux

Red Hat: RHSA-2010:0864-02 Critical: Freetype Font Engine Flaw

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: freetype security update Advisory ID: RHSA-2010:0864-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0864.html Issue date: 2010-11-10 CVE Names: CVE-2010-2805 CVE-2010-2806 CVE-2010-2808 CVE-2010-3311 ==================================================================== 1. Summary: Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. It was found that the FreeType font rendering engine improperlyvalidated certain position values when processing input streams. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2805, CVE-2010-3311) A stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808) An array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806) Note: All of the issues in this erratum only affect the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 621907 - CVE-2010-2808 FreeType: Stack-based buffer overflow by processing certain LWFN fonts 621980 - CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656) 623625 - CVE-2010-3311 freetype: Input stream position error by processing Compact Font Format (CFF) font files 625626 - CVE-2010-2805 freetype:FT_Stream_EnterFrame() does not properly validate certain position values 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: i386: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm x86_64: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-2.3.11-6.el6_0.1.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-demos-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-2.3.11-6.el6_0.1.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: x86_64: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm ppc64: freetype-2.3.11-6.el6_0.1.ppc.rpm freetype-2.3.11-6.el6_0.1.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.ppc.rpm freetype-debuginfo-2.3.11-6.el6_0.1.ppc64.rpm freetype-devel-2.3.11-6.el6_0.1.ppc.rpm freetype-devel-2.3.11-6.el6_0.1.ppc64.rpm s390x: freetype-2.3.11-6.el6_0.1.s390.rpm freetype-2.3.11-6.el6_0.1.s390x.rpm freetype-debuginfo-2.3.11-6.el6_0.1.s390.rpm freetype-debuginfo-2.3.11-6.el6_0.1.s390x.rpm freetype-devel-2.3.11-6.el6_0.1.s390.rpm freetype-devel-2.3.11-6.el6_0.1.s390x.rpm x86_64: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-2.3.11-6.el6_0.1.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-demos-2.3.11-6.el6_0.1.i686.rpm ppc64: freetype-debuginfo-2.3.11-6.el6_0.1.ppc64.rpm freetype-demos-2.3.11-6.el6_0.1.ppc64.rpm s390x: freetype-debuginfo-2.3.11-6.el6_0.1.s390x.rpm freetype-demos-2.3.11-6.el6_0.1.s390x.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm x86_64: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-2.3.11-6.el6_0.1.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-demos-2.3.11-6.el6_0.1.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm Thesepackages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-2805 https://access.redhat.com/security/cve/CVE-2010-2806 https://access.redhat.com/security/cve/CVE-2010-2808 https://access.redhat.com/security/cve/CVE-2010-3311 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM2vObXlSAg2UNWIIRAkzlAKCOwfOhUQYus2LbAtvBnGiORA827QCgn7c+ qqJRZequxdKFKsl4g7SEycA=07mU -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Uncover the crucial freetype security patch for Red Hat Linux that tackles several vulnerabilities impacting users.. Freetype Security, Red Hat Advisory, Critical Security Update, Font Engine Patch. . Severity: Important. LinuxSecurity.com Team

Nov 10, 2010 •Important Red Hat

security advisorysecurity issuebuffer overflow

Red Hat Enterprise Linux Update: RHSA-2010-0737 Important: Freetype Risk

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: freetype security update Advisory ID: RHSA-2010:0737-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0737.html Issue date: 2010-10-04 CVE Names: CVE-2010-2806 CVE-2010-2808 CVE-2010-3054 CVE-2010-3311 ==================================================================== 1. Summary: Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5provide only the FreeType 2 font engine. It was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially-crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311) A stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808) An array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806) A stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054) Note: All of the issues in this erratum only affect the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to yoursystem have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 621907 - CVE-2010-2808 FreeType: Stack-based buffer overflow by processing certain LWFN fonts 621980 - CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656) 623625 - CVE-2010-3311 freetype: Input stream position error by processing Compact Font Format (CFF) font files 625632 - CVE-2010-3054 freetype: DoS via nested "seac" calls 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: freetype-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-demos-2.1.9-17.el4.8.i386.rpm freetype-devel-2.1.9-17.el4.8.i386.rpm freetype-utils-2.1.9-17.el4.8.i386.rpm ia64: freetype-2.1.9-17.el4.8.i386.rpm freetype-2.1.9-17.el4.8.ia64.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.ia64.rpm freetype-demos-2.1.9-17.el4.8.ia64.rpm freetype-devel-2.1.9-17.el4.8.ia64.rpm freetype-utils-2.1.9-17.el4.8.ia64.rpm ppc: freetype-2.1.9-17.el4.8.ppc.rpm freetype-2.1.9-17.el4.8.ppc64.rpm freetype-debuginfo-2.1.9-17.el4.8.ppc.rpm freetype-debuginfo-2.1.9-17.el4.8.ppc64.rpm freetype-demos-2.1.9-17.el4.8.ppc.rpm freetype-devel-2.1.9-17.el4.8.ppc.rpm freetype-utils-2.1.9-17.el4.8.ppc.rpm s390: freetype-2.1.9-17.el4.8.s390.rpm freetype-debuginfo-2.1.9-17.el4.8.s390.rpm freetype-demos-2.1.9-17.el4.8.s390.rpm freetype-devel-2.1.9-17.el4.8.s390.rpm freetype-utils-2.1.9-17.el4.8.s390.rpm s390x: freetype-2.1.9-17.el4.8.s390.rpm freetype-2.1.9-17.el4.8.s390x.rpm freetype-debuginfo-2.1.9-17.el4.8.s390.rpm freetype-debuginfo-2.1.9-17.el4.8.s390x.rpm freetype-demos-2.1.9-17.el4.8.s390x.rpm freetype-devel-2.1.9-17.el4.8.s390x.rpm freetype-utils-2.1.9-17.el4.8.s390x.rpm x86_64: freetype-2.1.9-17.el4.8.i386.rpm freetype-2.1.9-17.el4.8.x86_64.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.x86_64.rpm freetype-demos-2.1.9-17.el4.8.x86_64.rpm freetype-devel-2.1.9-17.el4.8.x86_64.rpm freetype-utils-2.1.9-17.el4.8.x86_64.rpm Red Hat Enterprise Linux Desktop version4: Source: i386: freetype-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-demos-2.1.9-17.el4.8.i386.rpm freetype-devel-2.1.9-17.el4.8.i386.rpm freetype-utils-2.1.9-17.el4.8.i386.rpm x86_64: freetype-2.1.9-17.el4.8.i386.rpm freetype-2.1.9-17.el4.8.x86_64.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.x86_64.rpm freetype-demos-2.1.9-17.el4.8.x86_64.rpm freetype-devel-2.1.9-17.el4.8.x86_64.rpm freetype-utils-2.1.9-17.el4.8.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: freetype-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-demos-2.1.9-17.el4.8.i386.rpm freetype-devel-2.1.9-17.el4.8.i386.rpm freetype-utils-2.1.9-17.el4.8.i386.rpm ia64: freetype-2.1.9-17.el4.8.i386.rpm freetype-2.1.9-17.el4.8.ia64.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.ia64.rpm freetype-demos-2.1.9-17.el4.8.ia64.rpm freetype-devel-2.1.9-17.el4.8.ia64.rpm freetype-utils-2.1.9-17.el4.8.ia64.rpm x86_64: freetype-2.1.9-17.el4.8.i386.rpm freetype-2.1.9-17.el4.8.x86_64.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.x86_64.rpm freetype-demos-2.1.9-17.el4.8.x86_64.rpm freetype-devel-2.1.9-17.el4.8.x86_64.rpm freetype-utils-2.1.9-17.el4.8.x86_64.rpm Red Hat Enterprise Linux WS version4: Source: i386: freetype-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-demos-2.1.9-17.el4.8.i386.rpm freetype-devel-2.1.9-17.el4.8.i386.rpm freetype-utils-2.1.9-17.el4.8.i386.rpm ia64: freetype-2.1.9-17.el4.8.i386.rpm freetype-2.1.9-17.el4.8.ia64.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.ia64.rpm freetype-demos-2.1.9-17.el4.8.ia64.rpm freetype-devel-2.1.9-17.el4.8.ia64.rpm freetype-utils-2.1.9-17.el4.8.ia64.rpm x86_64: freetype-2.1.9-17.el4.8.i386.rpm freetype-2.1.9-17.el4.8.x86_64.rpm freetype-debuginfo-2.1.9-17.el4.8.i386.rpm freetype-debuginfo-2.1.9-17.el4.8.x86_64.rpm freetype-demos-2.1.9-17.el4.8.x86_64.rpm freetype-devel-2.1.9-17.el4.8.x86_64.rpm freetype-utils-2.1.9-17.el4.8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: freetype-2.2.1-28.el5_5.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.i386.rpm x86_64: freetype-2.2.1-28.el5_5.i386.rpm freetype-2.2.1-28.el5_5.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_5.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: freetype-debuginfo-2.2.1-28.el5_5.i386.rpm freetype-demos-2.2.1-28.el5_5.i386.rpm freetype-devel-2.2.1-28.el5_5.i386.rpm x86_64: freetype-debuginfo-2.2.1-28.el5_5.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.x86_64.rpm freetype-demos-2.2.1-28.el5_5.x86_64.rpm freetype-devel-2.2.1-28.el5_5.i386.rpm freetype-devel-2.2.1-28.el5_5.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: freetype-2.2.1-28.el5_5.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.i386.rpm freetype-demos-2.2.1-28.el5_5.i386.rpm freetype-devel-2.2.1-28.el5_5.i386.rpm ia64: freetype-2.2.1-28.el5_5.i386.rpm freetype-2.2.1-28.el5_5.ia64.rpm freetype-debuginfo-2.2.1-28.el5_5.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.ia64.rpm freetype-demos-2.2.1-28.el5_5.ia64.rpm freetype-devel-2.2.1-28.el5_5.ia64.rpm ppc: freetype-2.2.1-28.el5_5.ppc.rpm freetype-2.2.1-28.el5_5.ppc64.rpm freetype-debuginfo-2.2.1-28.el5_5.ppc.rpm freetype-debuginfo-2.2.1-28.el5_5.ppc64.rpm freetype-demos-2.2.1-28.el5_5.ppc.rpm freetype-devel-2.2.1-28.el5_5.ppc.rpm freetype-devel-2.2.1-28.el5_5.ppc64.rpm s390x: freetype-2.2.1-28.el5_5.s390.rpm freetype-2.2.1-28.el5_5.s390x.rpm freetype-debuginfo-2.2.1-28.el5_5.s390.rpm freetype-debuginfo-2.2.1-28.el5_5.s390x.rpm freetype-demos-2.2.1-28.el5_5.s390x.rpm freetype-devel-2.2.1-28.el5_5.s390.rpm freetype-devel-2.2.1-28.el5_5.s390x.rpm x86_64: freetype-2.2.1-28.el5_5.i386.rpm freetype-2.2.1-28.el5_5.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_5.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.x86_64.rpm freetype-demos-2.2.1-28.el5_5.x86_64.rpm freetype-devel-2.2.1-28.el5_5.i386.rpm freetype-devel-2.2.1-28.el5_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-2806 https://access.redhat.com/security/cve/CVE-2010-2808 https://access.redhat.com/security/cve/CVE-2010-3054 https://access.redhat.com/security/cve/CVE-2010-3311 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4(GNU/Linux) iD8DBQFMqh0PXlSAg2UNWIIRAkzOAJoDm790+SyOmwcX0TdRlB0EWRbscQCgmULL IgxgcopOxWzDfxpZ+rzQ5Pk=uf1Q -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Several crucial patches for FreeType address vulnerabilities impacting Red Hat Enterprise Linux. Ensure that these updates are applied.. freetype patch, Red Hat security, font engine fix, Linux update. . Severity: Important. LinuxSecurity.com Team

Oct 04, 2010 •Important Red Hat

security advisorydenial of servicebuffer overflow

Red Hat Enterprise Linux 3: RHSA-2010:0736-01 Important: Freetype DoS Issue

Updated freetype packages that fix three security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: freetype security update Advisory ID: RHSA-2010:0736-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0736.html Issue date: 2010-10-04 CVE Names: CVE-2010-2806 CVE-2010-3054 CVE-2010-3311 ==================================================================== 1. Summary: Updated freetype packages that fix three security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide both the FreeType 1 and FreeType 2 font engines. It was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially-crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or,possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311) An array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806) A stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054) Note: All of the issues in this erratum only affect the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 621980 - CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656) 623625 - CVE-2010-3311 freetype: Input stream position error by processing Compact Font Format (CFF) font files 625632 - CVE-2010-3054 freetype: DoS via nested "seac" calls 6. Package List: Red Hat Enterprise Linux AS version3: Source: i386: freetype-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-devel-2.1.4-18.el3.i386.rpm ia64: freetype-2.1.4-18.el3.i386.rpm freetype-2.1.4-18.el3.ia64.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.ia64.rpm freetype-devel-2.1.4-18.el3.ia64.rpm ppc: freetype-2.1.4-18.el3.ppc.rpm freetype-2.1.4-18.el3.ppc64.rpm freetype-debuginfo-2.1.4-18.el3.ppc.rpm freetype-debuginfo-2.1.4-18.el3.ppc64.rpm freetype-devel-2.1.4-18.el3.ppc.rpm s390: freetype-2.1.4-18.el3.s390.rpm freetype-debuginfo-2.1.4-18.el3.s390.rpm freetype-devel-2.1.4-18.el3.s390.rpm s390x: freetype-2.1.4-18.el3.s390.rpm freetype-2.1.4-18.el3.s390x.rpm freetype-debuginfo-2.1.4-18.el3.s390.rpm freetype-debuginfo-2.1.4-18.el3.s390x.rpm freetype-devel-2.1.4-18.el3.s390x.rpm x86_64: freetype-2.1.4-18.el3.i386.rpm freetype-2.1.4-18.el3.x86_64.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.x86_64.rpm freetype-devel-2.1.4-18.el3.x86_64.rpm Red Hat Desktop version 3: Source: i386: freetype-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-devel-2.1.4-18.el3.i386.rpm x86_64: freetype-2.1.4-18.el3.i386.rpm freetype-2.1.4-18.el3.x86_64.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.x86_64.rpm freetype-devel-2.1.4-18.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: i386: freetype-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-devel-2.1.4-18.el3.i386.rpm ia64: freetype-2.1.4-18.el3.i386.rpm freetype-2.1.4-18.el3.ia64.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.ia64.rpm freetype-devel-2.1.4-18.el3.ia64.rpm x86_64: freetype-2.1.4-18.el3.i386.rpm freetype-2.1.4-18.el3.x86_64.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.x86_64.rpm freetype-devel-2.1.4-18.el3.x86_64.rpm Red Hat Enterprise Linux WS version3: Source: i386: freetype-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-devel-2.1.4-18.el3.i386.rpm ia64: freetype-2.1.4-18.el3.i386.rpm freetype-2.1.4-18.el3.ia64.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.ia64.rpm freetype-devel-2.1.4-18.el3.ia64.rpm x86_64: freetype-2.1.4-18.el3.i386.rpm freetype-2.1.4-18.el3.x86_64.rpm freetype-debuginfo-2.1.4-18.el3.i386.rpm freetype-debuginfo-2.1.4-18.el3.x86_64.rpm freetype-devel-2.1.4-18.el3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-2806 https://access.redhat.com/security/cve/CVE-2010-3054 https://access.redhat.com/security/cve/CVE-2010-3311 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. . Crucial freetype security patch released for Red Hat addressing severe vulnerabilities in font rendering system. Immediate upgrade recommended!. freetype update, critical security patch, Red Hat advisory, font engine security. . Severity: Important. LinuxSecurity.com Team

Oct 04, 2010 •Important Red Hat

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Debian 8: DLA-1887-1 Moderate: Freetype Buffer Over-Read Fix

Red Hat: RHSA-2013:0216-01 Critical: Freetype Buffer Over-read

Scientific Linux: Important Freetype Security Update Advisory

Scientific Linux 4.x Moderate Update for freetype - Buffer Overflow Risk

Red Hat: RHSA-2010:0864-02 Critical: Freetype Font Engine Flaw

Red Hat Enterprise Linux Update: RHSA-2010-0737 Important: Freetype Risk

Red Hat Enterprise Linux 3: RHSA-2010:0736-01 Important: Freetype DoS Issue

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!