
Ubuntu alert USN-1013-1 (freetype)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-1013-1] FreeType vulnerabilities
Date:  Thu, 04 Nov 2010 10:47:24 -0400
Message-ID:  <1288882044.19092.15.camel@mdlinux>
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

===========================================================
Ubuntu Security Notice USN-1013-1         November 04, 2010
freetype vulnerabilities
CVE-2010-3311, CVE-2010-3814, CVE-2010-3855
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libfreetype6                    2.1.10-1ubuntu2.10

Ubuntu 8.04 LTS:
  libfreetype6                    2.3.5-1ubuntu4.8.04.6

Ubuntu 9.10:
  libfreetype6                    2.3.9-5ubuntu0.4

Ubuntu 10.04 LTS:
  libfreetype6                    2.3.11-1ubuntu2.4

Ubuntu 10.10:
  libfreetype6                    2.4.2-2ubuntu0.1

After a standard system update you need to restart your session to make
all the necessary changes.

Details follow:

Marc Schoenefeld discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges. This issue only affected
Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3311)

Chris Evans discovered that FreeType did not correctly handle certain
malformed TrueType font files. If a user were tricked into using a
specially crafted TrueType file, a remote attacker could cause FreeType to
crash or possibly execute arbitrary code with user privileges. This issue
only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3814)

It was discovered that FreeType did not correctly handle certain malformed
TrueType font files. If a user were tricked into using a specially crafted
TrueType file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges.
(CVE-2010-3855)

