Date: 25 May 2009
References: ESB-2006.0403 ESB-2006.0479 ESB-2007.0058 ESB-2007.0361 ESB-2007.0394 ESB-2007.0400 ESB-2007.0430 ESB-2007.0915 ESB-2008.0019 ESB-2008.0599
ESB-2008.0637 ESB-2008.0639 ESB-2008.0846 ESB-2008.0861 ESB-2008.0874 ESB-2009.0147 ESB-2009.0421 ESB-2009.0541
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.0504 -- [RedHat]
freetype: Execute Arbitrary Code
26 May 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: freetype
Publisher: Red Hat
Operating System: Red Hat Linux 4
Red Hat Linux 3
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2009-0946 CVE-2008-1808 CVE-2007-2754
CVE-2006-1861
Ref: ESB-2006.0479
ESB-2007.0058
ESB-2007.0361
ESB-2007.0394
ESB-2007.0400
ESB-2006.0403
ESB-2007.0430
ESB-2007.0915
ESB-2008.0019
ESB-2008.0599
ESB-2008.0637
ESB-2008.0639
ESB-2008.0846
ESB-2008.0861
ESB-2008.0874
ESB-2009.0147
ESB-2009.0421
ESB-2009.0459
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2009-0329.html
Comment: This advisory contains three (3) Red Hat bulletins.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2009:0329-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0329.html
Issue date: 2009-05-22
CVE Names: CVE-2006-1861 CVE-2007-2754 CVE-2008-1808
CVE-2009-0946
=====================================================================
1. Summary:
Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x,
x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x,
x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide both the FreeType 1 and FreeType 2
font engines.
Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)
Chris Evans discovered multiple integer overflow flaws in the FreeType font
engine. If a user loaded a carefully-crafted font file with an application
linked against FreeType, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2006-1861)
An integer overflow flaw was found in the way the FreeType font engine
processed TrueTypeŽ Font (TTF) files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2007-2754)
A flaw was discovered in the FreeType TTF font-file format parser when the
TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user
loaded a carefully-crafted font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2008-1808)
The CVE-2008-1808 flaw did not affect the freetype packages as distributed
in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType
BCI support. A fix for this flaw has been included in this update as users
may choose to recompile the freetype packages in order to enable TrueType
BCI support. Red Hat does not, however, provide support for modified and
recompiled packages.
Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,
and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,
and RHSA-2008:0556 respectively. This update provides corresponding
updates for the FreeType 1 font engine, included in the freetype packages
distributed in Red Hat Enterprise Linux 3 and 4.
Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
240200 - CVE-2007-2754 freetype integer overflow
450774 - CVE-2008-1808 FreeType off-by-one flaws
484437 - CVE-2006-1861 freetype: multiple integer overflow vulnerabilities
491384 - CVE-2009-0946 freetype: multiple integer overflows
6. Package List:
Red Hat Enterprise Linux AS version 3:
Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/freetype-2.1.4-12.el3.src.rpm
i386:
freetype-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-devel-2.1.4-12.el3.i386.rpm
ia64:
freetype-2.1.4-12.el3.i386.rpm
freetype-2.1.4-12.el3.ia64.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.ia64.rpm
freetype-devel-2.1.4-12.el3.ia64.rpm
ppc:
freetype-2.1.4-12.el3.ppc.rpm
freetype-2.1.4-12.el3.ppc64.rpm
freetype-debuginfo-2.1.4-12.el3.ppc.rpm
freetype-debuginfo-2.1.4-12.el3.ppc64.rpm
freetype-devel-2.1.4-12.el3.ppc.rpm
s390:
freetype-2.1.4-12.el3.s390.rpm
freetype-debuginfo-2.1.4-12.el3.s390.rpm
freetype-devel-2.1.4-12.el3.s390.rpm
s390x:
freetype-2.1.4-12.el3.s390.rpm
freetype-2.1.4-12.el3.s390x.rpm
freetype-debuginfo-2.1.4-12.el3.s390.rpm
freetype-debuginfo-2.1.4-12.el3.s390x.rpm
freetype-devel-2.1.4-12.el3.s390x.rpm
x86_64:
freetype-2.1.4-12.el3.i386.rpm
freetype-2.1.4-12.el3.x86_64.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.x86_64.rpm
freetype-devel-2.1.4-12.el3.x86_64.rpm
Red Hat Desktop version 3:
Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/freetype-2.1.4-12.el3.src.rpm
i386:
freetype-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-devel-2.1.4-12.el3.i386.rpm
x86_64:
freetype-2.1.4-12.el3.i386.rpm
freetype-2.1.4-12.el3.x86_64.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.x86_64.rpm
freetype-devel-2.1.4-12.el3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/freetype-2.1.4-12.el3.src.rpm
i386:
freetype-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-devel-2.1.4-12.el3.i386.rpm
ia64:
freetype-2.1.4-12.el3.i386.rpm
freetype-2.1.4-12.el3.ia64.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.ia64.rpm
freetype-devel-2.1.4-12.el3.ia64.rpm
x86_64:
freetype-2.1.4-12.el3.i386.rpm
freetype-2.1.4-12.el3.x86_64.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.x86_64.rpm
freetype-devel-2.1.4-12.el3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/freetype-2.1.4-12.el3.src.rpm
i386:
freetype-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-devel-2.1.4-12.el3.i386.rpm
ia64:
freetype-2.1.4-12.el3.i386.rpm
freetype-2.1.4-12.el3.ia64.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.ia64.rpm
freetype-devel-2.1.4-12.el3.ia64.rpm
x86_64:
freetype-2.1.4-12.el3.i386.rpm
freetype-2.1.4-12.el3.x86_64.rpm
freetype-debuginfo-2.1.4-12.el3.i386.rpm
freetype-debuginfo-2.1.4-12.el3.x86_64.rpm
freetype-devel-2.1.4-12.el3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-10.el4.7.src.rpm
i386:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-demos-2.1.9-10.el4.7.i386.rpm
freetype-devel-2.1.9-10.el4.7.i386.rpm
freetype-utils-2.1.9-10.el4.7.i386.rpm
ia64:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-2.1.9-10.el4.7.ia64.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.ia64.rpm
freetype-demos-2.1.9-10.el4.7.ia64.rpm
freetype-devel-2.1.9-10.el4.7.ia64.rpm
freetype-utils-2.1.9-10.el4.7.ia64.rpm
ppc:
freetype-2.1.9-10.el4.7.ppc.rpm
freetype-2.1.9-10.el4.7.ppc64.rpm
freetype-debuginfo-2.1.9-10.el4.7.ppc.rpm
freetype-debuginfo-2.1.9-10.el4.7.ppc64.rpm
freetype-demos-2.1.9-10.el4.7.ppc.rpm
freetype-devel-2.1.9-10.el4.7.ppc.rpm
freetype-utils-2.1.9-10.el4.7.ppc.rpm
s390:
freetype-2.1.9-10.el4.7.s390.rpm
freetype-debuginfo-2.1.9-10.el4.7.s390.rpm
freetype-demos-2.1.9-10.el4.7.s390.rpm
freetype-devel-2.1.9-10.el4.7.s390.rpm
freetype-utils-2.1.9-10.el4.7.s390.rpm
s390x:
freetype-2.1.9-10.el4.7.s390.rpm
freetype-2.1.9-10.el4.7.s390x.rpm
freetype-debuginfo-2.1.9-10.el4.7.s390.rpm
freetype-debuginfo-2.1.9-10.el4.7.s390x.rpm
freetype-demos-2.1.9-10.el4.7.s390x.rpm
freetype-devel-2.1.9-10.el4.7.s390x.rpm
freetype-utils-2.1.9-10.el4.7.s390x.rpm
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-2.1.9-10.el4.7.x86_64.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.x86_64.rpm
freetype-demos-2.1.9-10.el4.7.x86_64.rpm
freetype-devel-2.1.9-10.el4.7.x86_64.rpm
freetype-utils-2.1.9-10.el4.7.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-10.el4.7.src.rpm
i386:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-demos-2.1.9-10.el4.7.i386.rpm
freetype-devel-2.1.9-10.el4.7.i386.rpm
freetype-utils-2.1.9-10.el4.7.i386.rpm
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-2.1.9-10.el4.7.x86_64.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.x86_64.rpm
freetype-demos-2.1.9-10.el4.7.x86_64.rpm
freetype-devel-2.1.9-10.el4.7.x86_64.rpm
freetype-utils-2.1.9-10.el4.7.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-10.el4.7.src.rpm
i386:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-demos-2.1.9-10.el4.7.i386.rpm
freetype-devel-2.1.9-10.el4.7.i386.rpm
freetype-utils-2.1.9-10.el4.7.i386.rpm
ia64:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-2.1.9-10.el4.7.ia64.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.ia64.rpm
freetype-demos-2.1.9-10.el4.7.ia64.rpm
freetype-devel-2.1.9-10.el4.7.ia64.rpm
freetype-utils-2.1.9-10.el4.7.ia64.rpm
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-2.1.9-10.el4.7.x86_64.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.x86_64.rpm
freetype-demos-2.1.9-10.el4.7.x86_64.rpm
freetype-devel-2.1.9-10.el4.7.x86_64.rpm
freetype-utils-2.1.9-10.el4.7.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-10.el4.7.src.rpm
i386:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-demos-2.1.9-10.el4.7.i386.rpm
freetype-devel-2.1.9-10.el4.7.i386.rpm
freetype-utils-2.1.9-10.el4.7.i386.rpm
ia64:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-2.1.9-10.el4.7.ia64.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.ia64.rpm
freetype-demos-2.1.9-10.el4.7.ia64.rpm
freetype-devel-2.1.9-10.el4.7.ia64.rpm
freetype-utils-2.1.9-10.el4.7.ia64.rpm
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm
freetype-2.1.9-10.el4.7.x86_64.rpm
freetype-debuginfo-2.1.9-10.el4.7.i386.rpm
freetype-debuginfo-2.1.9-10.el4.7.x86_64.rpm
freetype-demos-2.1.9-10.el4.7.x86_64.rpm
freetype-devel-2.1.9-10.el4.7.x86_64.rpm
freetype-utils-2.1.9-10.el4.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/support/policy/soc/production/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFKFplJXlSAg2UNWIIRAqEdAKCQIWrgeF7w5AxL/SLn5Hx3lHfcKACgr4Pz
b5G5e/0/e1CIVBLzsmqe15Q=
=CMeo
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2009:1062-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1062.html
Issue date: 2009-05-22
CVE Names: CVE-2006-1861 CVE-2007-2754 CVE-2009-0946
=====================================================================
1. Summary:
Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 2.1.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide both the FreeType 1 and FreeType 2
font engines.
Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)
Chris Evans discovered multiple integer overflow flaws in the FreeType font
engine. If a user loaded a carefully-crafted font file with an application
linked against FreeType, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2006-1861)
An integer overflow flaw was found in the way the FreeType font engine
processed TrueTypeŽ Font (TTF) files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2007-2754)
Note: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754
flaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.
This update provides corresponding updates for the FreeType 1 font engine,
included in the freetype packages distributed in Red Hat Enterprise Linux
2.1.
Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
240200 - CVE-2007-2754 freetype integer overflow
484437 - CVE-2006-1861 freetype: multiple integer overflow vulnerabilities
491384 - CVE-2009-0946 freetype: multiple integer overflows
6. Package List:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :
Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/freetype-2.0.3-17.el21.src.rpm
i386:
freetype-2.0.3-17.el21.i386.rpm
freetype-devel-2.0.3-17.el21.i386.rpm
freetype-utils-2.0.3-17.el21.i386.rpm
ia64:
freetype-2.0.3-17.el21.ia64.rpm
freetype-devel-2.0.3-17.el21.ia64.rpm
freetype-utils-2.0.3-17.el21.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/freetype-2.0.3-17.el21.src.rpm
ia64:
freetype-2.0.3-17.el21.ia64.rpm
freetype-devel-2.0.3-17.el21.ia64.rpm
freetype-utils-2.0.3-17.el21.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/freetype-2.0.3-17.el21.src.rpm
i386:
freetype-2.0.3-17.el21.i386.rpm
freetype-devel-2.0.3-17.el21.i386.rpm
freetype-utils-2.0.3-17.el21.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/freetype-2.0.3-17.el21.src.rpm
i386:
freetype-2.0.3-17.el21.i386.rpm
freetype-devel-2.0.3-17.el21.i386.rpm
freetype-utils-2.0.3-17.el21.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFKFpmZXlSAg2UNWIIRAqZSAKC+2gYFtmFByqsY9wuw4+h7QDb2VgCfXuvf
CqpoXhxXsXTJkwgc6XfMuso=
=bNGf
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freetype security update
Advisory ID: RHSA-2009:1061-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1061.html
Issue date: 2009-05-22
CVE Names: CVE-2009-0946
=====================================================================
1. Summary:
Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide the FreeType 2 font engine.
Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)
Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
491384 - CVE-2009-0946 freetype: multiple integer overflows
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-21.el5_3.src.rpm
i386:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
x86_64:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-2.2.1-21.el5_3.x86_64.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-21.el5_3.src.rpm
i386:
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-demos-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm
x86_64:
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.x86_64.rpm
freetype-demos-2.2.1-21.el5_3.x86_64.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-21.el5_3.src.rpm
i386:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-demos-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm
ia64:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-2.2.1-21.el5_3.ia64.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.ia64.rpm
freetype-demos-2.2.1-21.el5_3.ia64.rpm
freetype-devel-2.2.1-21.el5_3.ia64.rpm
ppc:
freetype-2.2.1-21.el5_3.ppc.rpm
freetype-2.2.1-21.el5_3.ppc64.rpm
freetype-debuginfo-2.2.1-21.el5_3.ppc.rpm
freetype-debuginfo-2.2.1-21.el5_3.ppc64.rpm
freetype-demos-2.2.1-21.el5_3.ppc.rpm
freetype-devel-2.2.1-21.el5_3.ppc.rpm
freetype-devel-2.2.1-21.el5_3.ppc64.rpm
s390x:
freetype-2.2.1-21.el5_3.s390.rpm
freetype-2.2.1-21.el5_3.s390x.rpm
freetype-debuginfo-2.2.1-21.el5_3.s390.rpm
freetype-debuginfo-2.2.1-21.el5_3.s390x.rpm
freetype-demos-2.2.1-21.el5_3.s390x.rpm
freetype-devel-2.2.1-21.el5_3.s390.rpm
freetype-devel-2.2.1-21.el5_3.s390x.rpm
x86_64:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-2.2.1-21.el5_3.x86_64.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.x86_64.rpm
freetype-demos-2.2.1-21.el5_3.x86_64.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFKFpmKXlSAg2UNWIIRAjy3AKDAwMJ4dZUB5W3ZUB25p35ihWThWACfcBq/
4GINPC2e/aGWnhUBDkaGtbg=
=NKdt
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKGyOuNVH5XJJInbgRAtX+AJ9soEjB2XeK5BbjjnrKvZ9SMu1EeACeP9rP
UtM7GXq5StnG2gn5H/fmlLA=
=DnYJ
-----END PGP SIGNATURE-----
|