BugTraq
[ MDVSA-2010:137 ] freetype2 Jul 18 2010 08:10PM
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:137
http://www.mandriva.com/security/
_______________________________________________________________________

Package : freetype2
Date : July 18, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in freetype2:

Multiple integer underflows/overflows and heap buffer overflows was
discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,
CVE-2010-2500, CVE-2010-2519).

A heap buffer overflow was discovered in the bytecode support. The
bytecode support is NOT enabled per default in Mandriva due to previous
patent claims, but packages by PLF is affected (CVE-2010-2520).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520
http://savannah.nongnu.org/bugs/index.php?30082
http://savannah.nongnu.org/bugs/index.php?30083
http://savannah.nongnu.org/bugs/index.php?30106
http://savannah.nongnu.org/bugs/index.php?30248
http://savannah.nongnu.org/bugs/index.php?30249
http://savannah.nongnu.org/bugs/index.php?30263
http://savannah.nongnu.org/bugs/index.php?30306
http://savannah.nongnu.org/bugs/index.php?30361
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
a350e339a4fe6a22f36657cabbe6141a 2008.0/i586/libfreetype6-2.3.5-2.3mdv2008.0.i586.rpm
bc9f891fe8d8a8c714d2534e06ad43d4 2008.0/i586/libfreetype6-devel-2.3.5-2.3mdv2008.0.i586.rpm
a50784f5664168dc977a3ddcd493086a 2008.0/i586/libfreetype6-static-devel-2.3.5-2.3mdv2008.0.i586.rpm
1d1dbb9f37f74602796924f7ca63dce8 2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
5ab49d2b55215d52399a254cf50a1956 2008.0/x86_64/lib64freetype6-2.3.5-2.3mdv2008.0.x86_64.rpm
f820a98378b967322135bb10b75327c5 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.3mdv2008.0.x86_64.rpm
61ff08937d8ae39f41a1851b2b042ff3 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.3mdv2008.0.x86_64.rpm
1d1dbb9f37f74602796924f7ca63dce8 2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm

Mandriva Linux 2009.0:
f017f08c4b65d81140aa847e61c234a4 2009.0/i586/libfreetype6-2.3.7-1.2mdv2009.0.i586.rpm
e2a712f6d532fa7cede07ff456b1f659 2009.0/i586/libfreetype6-devel-2.3.7-1.2mdv2009.0.i586.rpm
b7b0c9acd3e79d7df842a0b8708386d2 2009.0/i586/libfreetype6-static-devel-2.3.7-1.2mdv2009.0.i586.rpm
2a9fe20c41938453790e8554dd7a38b2 2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
06e1c0b0330ea7485f0a1058e3ea410c 2009.0/x86_64/lib64freetype6-2.3.7-1.2mdv2009.0.x86_64.rpm
2e8d45b79ca52ec58b701b058d5042e5 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.2mdv2009.0.x86_64.rpm
73758504e74f747a577ba14f91d1fff6 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdv2009.0.x86_64.rpm
2a9fe20c41938453790e8554dd7a38b2 2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
df9d47720ebf2d9dcc3574a3b28f1f41 2009.1/i586/libfreetype6-2.3.9-1.3mdv2009.1.i586.rpm
32517c3e3680189ababc2bfb316dcbca 2009.1/i586/libfreetype6-devel-2.3.9-1.3mdv2009.1.i586.rpm
35577f7a2056c88f572f6bd646332b9a 2009.1/i586/libfreetype6-static-devel-2.3.9-1.3mdv2009.1.i586.rpm
2bd93e051bc87216b866f2e342868cda 2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
93d370c19ed7db70983a379745fd26c0 2009.1/x86_64/lib64freetype6-2.3.9-1.3mdv2009.1.x86_64.rpm
7f10623f49b55097ac9eafab3b47b0f4 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.3mdv2009.1.x86_64.rpm
739ba87a09510c56db2efddcf7b025a6 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.3mdv2009.1.x86_64.rpm
2bd93e051bc87216b866f2e342868cda 2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm

Mandriva Linux 2010.0:
6d902cc9de35aa3be96aedc53e42fbc8 2010.0/i586/libfreetype6-2.3.11-1.1mdv2010.0.i586.rpm
15499b1ad5daf5e8eef7bd02081b2b9a 2010.0/i586/libfreetype6-devel-2.3.11-1.1mdv2010.0.i586.rpm
ed079e1c8bba12831544e89f41f61902 2010.0/i586/libfreetype6-static-devel-2.3.11-1.1mdv2010.0.i586.rpm
26c3d66563a661b2d5dd4320006608e8 2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
a74b2d177174752d43977810e821c6c7 2010.0/x86_64/lib64freetype6-2.3.11-1.1mdv2010.0.x86_64.rpm
9c50ecf9f507944ee152f5984a79db8c 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.1mdv2010.0.x86_64.rpm
3522e4b48ea9970bdd6aabfb22aa0edd 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.1mdv2010.0.x86_64.rpm

26c3d66563a661b2d5dd4320006608e8 2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
0f19f70a4e6d8c02beab6648c23b8285 2010.1/i586/libfreetype6-2.3.12-1.1mdv2010.1.i586.rpm
5a934ad9a2f448f9329ec6af80333111 2010.1/i586/libfreetype6-devel-2.3.12-1.1mdv2010.1.i586.rpm
241e874e820a0970f98b707b8291c340 2010.1/i586/libfreetype6-static-devel-2.3.12-1.1mdv2010.1.i586.rpm
592e74e5a310612d4e1b8660e94a712b 2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
0771262b102961d7edc94575528d5948 2010.1/x86_64/lib64freetype6-2.3.12-1.1mdv2010.1.x86_64.rpm
01f630dde7c5896f9152e2a1d1ad141d 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.1mdv2010.1.x86_64.rpm
9c8e3745e78491cdfb2a039181de7e86 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.1mdv2010.1.x86_64.rpm

592e74e5a310612d4e1b8660e94a712b 2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm

Corporate 4.0:
b47474a48a5374b118a03dedb32675df corporate/4.0/i586/libfreetype6-2.1.10-9.10.20060mlcs4.i586.rpm
ddd413cc050cc9bb5b36339b749f784a corporate/4.0/i586/libfreetype6-devel-2.1.10-9.10.20060mlcs4.i586.rpm
96eccead61eb74c0ca706349f27fd318 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.10.20060mlcs4.i586
.rpm
3d08f8107cc7abab6570adb06b985ea2 corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6b01ebbb7476d3cc2d2a469d4250df63 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.10.20060mlcs4.x86_64.rpm
9ace9cf4dee54ad6a78b126f3ff1cdd6 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.10.20060mlcs4.x86_64.
rpm
7a17d135bb1d36852c271fa353e50da0 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.10.20060mlcs4.
x86_64.rpm
3d08f8107cc7abab6570adb06b985ea2 corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
ab6b886c00b3956805885f42bb480d19 mes5/i586/libfreetype6-2.3.7-1.2mdvmes5.1.i586.rpm
184fc3238d6f761a727a51582d0ff2ff mes5/i586/libfreetype6-devel-2.3.7-1.2mdvmes5.1.i586.rpm
b414bb7c2e78d7606a096bcda6ea2730 mes5/i586/libfreetype6-static-devel-2.3.7-1.2mdvmes5.1.i586.rpm
d9fefde1ace3f7127c95fffb678b56bc mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
011bff1c7507d1c5b9039f9c48865f5e mes5/x86_64/lib64freetype6-2.3.7-1.2mdvmes5.1.x86_64.rpm
9a0b94b603f3765dc61590af87016b46 mes5/x86_64/lib64freetype6-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm
ef94a826eb1218e9f6d027f50c1abad5 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm
d9fefde1ace3f7127c95fffb678b56bc mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMQy2YmqjQ0CJFipgRAltfAJ4x+MQOm7pdWHXtx2uj6129UFUHWwCfcRSu
ff6oX1VrH4m/hTnNaqDy5Nw=
=XCr9
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus