BugTraq
[ MDVSA-2012:057 ] freetype2 Apr 12 2012 02:05PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:057
http://www.mandriva.com/security/
_______________________________________________________________________

Package : freetype2
Date : April 12, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple flaws were found in FreeType. Specially crafted files
could cause application crashes or potentially execute arbitrary
code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,
CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,
CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,
CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,
CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
27ac5c46bbcaee8f960d654b08c620c3 2010.1/i586/freetype2-demos-2.3.12-1.9mdv2010.2.i586.rpm
d2d6c24a4614ff3b838cd082c4487da6 2010.1/i586/libfreetype6-2.3.12-1.9mdv2010.2.i586.rpm
613f7d3ac7de3f5eee9b1dc925d37816 2010.1/i586/libfreetype6-devel-2.3.12-1.9mdv2010.2.i586.rpm
002b002cde3335b8c16875543886fd92 2010.1/i586/libfreetype6-static-devel-2.3.12-1.9mdv2010.2.i586.rpm
0d6c1904469c22a77428c4323bc9ce59 2010.1/SRPMS/freetype2-2.3.12-1.9mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
fa720ee6e2ba28b1e3ab8b6908dc8389 2010.1/x86_64/freetype2-demos-2.3.12-1.9mdv2010.2.x86_64.rpm
ce9ff4d173364d3f3dd02eadcaa00558 2010.1/x86_64/lib64freetype6-2.3.12-1.9mdv2010.2.x86_64.rpm
cb39f796366819450d8221263bbe52a7 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.9mdv2010.2.x86_64.rpm
0d22f0778fa4fd37c3cf23aca2e540ae 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.9mdv2010.2.x86_64.rpm

0d6c1904469c22a77428c4323bc9ce59 2010.1/SRPMS/freetype2-2.3.12-1.9mdv2010.2.src.rpm

Mandriva Linux 2011:
b132cce68da5b73b5c0eb3ab6334344f 2011/i586/freetype2-demos-2.4.5-2.3-mdv2011.0.i586.rpm
49543c61a1547907c31c456023e5e3d6 2011/i586/libfreetype6-2.4.5-2.3-mdv2011.0.i586.rpm
7e2fea21d3346ef0102b01e457338c8c 2011/i586/libfreetype6-devel-2.4.5-2.3-mdv2011.0.i586.rpm
0624a5a99801fdfc15e4e681a6694e1f 2011/i586/libfreetype6-static-devel-2.4.5-2.3-mdv2011.0.i586.rpm
9fa0927b963e00c52a5cc8e52b60488f 2011/SRPMS/freetype2-2.4.5-2.3.src.rpm

Mandriva Linux 2011/X86_64:
1af1f5c163d649294da57bf35747f392 2011/x86_64/freetype2-demos-2.4.5-2.3-mdv2011.0.x86_64.rpm
445ecaeea2d4ff7eb21c13c2d0b6559f 2011/x86_64/lib64freetype6-2.4.5-2.3-mdv2011.0.x86_64.rpm
53f8909052fd9b9d0abf7223d4eccb75 2011/x86_64/lib64freetype6-devel-2.4.5-2.3-mdv2011.0.x86_64.rpm
8d964347212fe30961ec6b542388475e 2011/x86_64/lib64freetype6-static-devel-2.4.5-2.3-mdv2011.0.x86_64.rpm
9fa0927b963e00c52a5cc8e52b60488f 2011/SRPMS/freetype2-2.4.5-2.3.src.rpm

Mandriva Enterprise Server 5:
a8a99f3672f9c34568bcec2ec67c961e mes5/i586/freetype2-demos-2.3.7-1.10mdvmes5.2.i586.rpm
1350b0bf938ba4ac67a148371578dc67 mes5/i586/libfreetype6-2.3.7-1.10mdvmes5.2.i586.rpm
4e86fcdc1e2b69f12ce4ba3ffc64fe40 mes5/i586/libfreetype6-devel-2.3.7-1.10mdvmes5.2.i586.rpm
3441e06db6fccb035e4f73626c74e694 mes5/i586/libfreetype6-static-devel-2.3.7-1.10mdvmes5.2.i586.rpm
40e296bda353cb4351feb3dec6e8b508 mes5/SRPMS/freetype2-2.3.7-1.10mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
1908a8af14e177717a3c8fc962834019 mes5/x86_64/freetype2-demos-2.3.7-1.10mdvmes5.2.x86_64.rpm
79a9c7f036c2d69027b5aaabc39554a4 mes5/x86_64/lib64freetype6-2.3.7-1.10mdvmes5.2.x86_64.rpm
462b93d5939a507033b2faa414a26141 mes5/x86_64/lib64freetype6-devel-2.3.7-1.10mdvmes5.2.x86_64.rpm
11896142878498128688d0667bbccd9a mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.10mdvmes5.2.x86_64.rpm
40e296bda353cb4351feb3dec6e8b508 mes5/SRPMS/freetype2-2.3.7-1.10mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPhrLQmqjQ0CJFipgRAlTjAKCLMBynemZAky8w1QxtTeUExoCobQCePExV
tTU2vHcYIJ41fGp4cPaqOrs=
=RegY
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus