Pardus alert 2010-114 (freetype)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-114] FreeType: Multiple Vulnerabilities
Date:  Thu, 12 Aug 2010 23:05:44 +0300 (EEST)
Message-ID:  <20100812200546.00B19A7AC40@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-114           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-12
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in FreeType.


Description
===========

CVE-2010-1797:

Buffer overflow errors in the "cff_decoder_parse_charstrings()"
[src/cff/cffgload.c] function when processing Compact Font Format (CFF)
opcodes allow remote attackers to crash an affected application linked
against a vulnerable library, or execute arbitrary code via a malicious
font. A stack overflow vulnerability was also found that allows remote
attackers to execute arbitrary code.

CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808:

Memory corruption flaws were found in the way the FreeType font
rendering engine processed certain Adobe Type 1 Mac Font File (LWFN)
fonts. An attacker could use these flaws to create a specially crafted
font file that, when opened, would cause an application linked against
libfreetype to crash or, possibly, execute arbitrary code.


Affected packages:

  Pardus 2009:
    freetype, all before 2.4.2-42-11


Resolution
==========

There are update(s) for freetype. You can update them via Package
Manager or with a single command from console:

    pisi up freetype


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13925
  * http://bugs.pardus.org.tr/show_bug.cgi?id=13929
  * http://www.vupen.com/english/advisories/2010/2018

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

