what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2010-201

Mandriva Linux Security Advisory 2010-201
Posted Oct 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-201 - Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library, it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3311
SHA-256 | cf77ad478e89a3ba2c6046a48e6f32429662f19ea59b6368bbb43895bb0b789e
Download | Favorite | View

Mandriva Linux Security Advisory 2010-201

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:201
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : October 13, 2010
 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in freetype2:
 
 Marc Schoenefeld found an input stream position error in the way
 FreeType font rendering engine processed input file streams. If
 a user loaded a specially-crafted font file with an application
 linked against FreeType and relevant font glyphs were subsequently
 rendered with the X FreeType library (libXft), it could cause the
 application to crash or, possibly execute arbitrary code (integer
 overflow leading to heap-based buffer overflow in the libXft library)
 with the privileges of the user running the application. Different
 vulnerability than CVE-2010-1797 (CVE-2010-3311).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 248523a7d7a2c3d6a85cb88513f3a830  2009.0/i586/libfreetype6-2.3.7-1.5mdv2009.0.i586.rpm
 d732b628d679e6c1f1825fc8651dbba4  2009.0/i586/libfreetype6-devel-2.3.7-1.5mdv2009.0.i586.rpm
 eba4f60c32555f0cccee21bd1604ecdd  2009.0/i586/libfreetype6-static-devel-2.3.7-1.5mdv2009.0.i586.rpm 
 9a95af00a0336bbd89965d410ecf7dbf  2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 30127aa3b8f70207269911dc74d5d1f6  2009.0/x86_64/lib64freetype6-2.3.7-1.5mdv2009.0.x86_64.rpm
 3b6020558fbaf3651ff7c3ca13f1b7dc  2009.0/x86_64/lib64freetype6-devel-2.3.7-1.5mdv2009.0.x86_64.rpm
 0f572c7db1071b843ef103226f058bf8  2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdv2009.0.x86_64.rpm 
 9a95af00a0336bbd89965d410ecf7dbf  2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 06b12f4db64361f3d7b749ea97b23573  2009.1/i586/libfreetype6-2.3.9-1.6mdv2009.1.i586.rpm
 bfe315852b8d3e9595796f9c9933694f  2009.1/i586/libfreetype6-devel-2.3.9-1.6mdv2009.1.i586.rpm
 2b493d1661300189e5551acf31822088  2009.1/i586/libfreetype6-static-devel-2.3.9-1.6mdv2009.1.i586.rpm 
 2a72ac2132ed6513dd1b2f93e06364fe  2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9b0158596861029412f697767cfce475  2009.1/x86_64/lib64freetype6-2.3.9-1.6mdv2009.1.x86_64.rpm
 9389f0616c2633adec3ee5dc0788d0d3  2009.1/x86_64/lib64freetype6-devel-2.3.9-1.6mdv2009.1.x86_64.rpm
 da638cb0fc6f198e195fefc94ae4d052  2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.6mdv2009.1.x86_64.rpm 
 2a72ac2132ed6513dd1b2f93e06364fe  2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 81e94386ee8cd6641a46dce9df0efcae  2010.0/i586/libfreetype6-2.3.11-1.4mdv2010.0.i586.rpm
 e585d63da11b17c74f456ea97368ae97  2010.0/i586/libfreetype6-devel-2.3.11-1.4mdv2010.0.i586.rpm
 6f08eacbc92f4b8ea2e2880c97890f9e  2010.0/i586/libfreetype6-static-devel-2.3.11-1.4mdv2010.0.i586.rpm 
 a1cb1cc205c73df55e5576c3d53dfe5b  2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 8bb4d116a20020735920acdef6edb36c  2010.0/x86_64/lib64freetype6-2.3.11-1.4mdv2010.0.x86_64.rpm
 3e71bd23288d28261e6494389a945c8d  2010.0/x86_64/lib64freetype6-devel-2.3.11-1.4mdv2010.0.x86_64.rpm
 7c720ab93b651535c31fa51ff7a4062d  2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.4mdv2010.0.x86_64.rpm 
 a1cb1cc205c73df55e5576c3d53dfe5b  2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 be9c8f1b5cd2f417f0ae646bc8cbc0f2  2010.1/i586/libfreetype6-2.3.12-1.4mdv2010.1.i586.rpm
 87165bb194725472642623489e13c3d2  2010.1/i586/libfreetype6-devel-2.3.12-1.4mdv2010.1.i586.rpm
 f6b9da29780ed1c3d4192a2de2df965a  2010.1/i586/libfreetype6-static-devel-2.3.12-1.4mdv2010.1.i586.rpm 
 8f9e6f8272bdd85b655f77c3bc0f1186  2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 426a77c1681ccb983b4421025a705622  2010.1/x86_64/lib64freetype6-2.3.12-1.4mdv2010.1.x86_64.rpm
 8847d5d1a4aa7a007e97e60dc638fcb1  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.4mdv2010.1.x86_64.rpm
 1d61007c529ec3775d30fd417829590a  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.4mdv2010.1.x86_64.rpm 
 8f9e6f8272bdd85b655f77c3bc0f1186  2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm

 Corporate 4.0:
 c86147b513f4c157f6790a2e4ada0fd2  corporate/4.0/i586/libfreetype6-2.1.10-9.13.20060mlcs4.i586.rpm
 a9fa44acaef91683cad125612df13c92  corporate/4.0/i586/libfreetype6-devel-2.1.10-9.13.20060mlcs4.i586.rpm
 a4aae0884a8a56d305a15b3d46f42cee  corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.13.20060mlcs4.i586.rpm 
 0a1de080fd2d95e2bfd3a89f3e941742  corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f38670ff2950f26aca44a5aae5668487  corporate/4.0/x86_64/lib64freetype6-2.1.10-9.13.20060mlcs4.x86_64.rpm
 23de0669bb0c18c43ca3f4c4143a2a45  corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm
 487f9047aa914a9ff87fe4642e1dea9f  corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm 
 0a1de080fd2d95e2bfd3a89f3e941742  corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 f990681b978c21632695ce8026e00e7f  mes5/i586/libfreetype6-2.3.7-1.5mdvmes5.1.i586.rpm
 4b46a043a230f88dbd8df174ce52bf61  mes5/i586/libfreetype6-devel-2.3.7-1.5mdvmes5.1.i586.rpm
 4520f9874288317c70d769b22f36cb72  mes5/i586/libfreetype6-static-devel-2.3.7-1.5mdvmes5.1.i586.rpm 
 e9b104e41904bf0e23fd551ad7537696  mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 d6c2911551cc1cc010b0b64e8e0b842b  mes5/x86_64/lib64freetype6-2.3.7-1.5mdvmes5.1.x86_64.rpm
 d772a09bece742077abae2a96a2f7ebd  mes5/x86_64/lib64freetype6-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm
 d0ecc6df23b6aa94fdaf945756d47ccd  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm 
 e9b104e41904bf0e23fd551ad7537696  mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMtcWRmqjQ0CJFipgRAgQgAJ4+cTAwi6mX+HqQDY6h4R8SF5RWUwCgmD44
+a5z4ffWY3Qm4BrHauRwMnA=
=TX/N
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close