| |||||||||||||||||||
Fedora alert FEDORA-2012-0289 (t1lib)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-0289 2012-01-11 05:14:16 -------------------------------------------------------------------------------- Name : t1lib Product : Fedora 16 Version : 5.1.2 Release : 9.fc16 URL : ftp://sunsite.unc.edu/pub/Linux/libs/graphics/t1lib-5.1.2... Summary : PostScript Type 1 font rasterizer Description : T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports rotation and transformation, kerning underlining and antialiasing. It does not depend on X11, but does provides some special functions for X11. AFM-files can be generated from Type 1 font files and font subsetting is possible. -------------------------------------------------------------------------------- Update Information: This update fixes several security flaws in t1lib (flaws in AFM parser and when handling specially crafted Type1 fonts). -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 10 2012 Jaroslav Škarvada <jskarvad@redhat.com> - 5.1.2-9 - Add patch to fix CVE-2010-2642, CVE-2011-0433 (afm-fix patch) - New version of patch for CVE-2011-0764, also fixes CVE-2011-1552, CVE-2011-1553, CVE-2011-1554 (type1-inv-rw-fix patch) Resolves: rhbz#772899 - Add explicit NVR requires to apps subpackage (consumes libt1(x).so) - Fix rpmlint warning (mixed-use-of-spaces-and-tabs) * Tue Jan 3 2012 José Matos <jamatos@fedoraproject.org> - 5.1.2-8 - Add patch to fix CVE-2011-0764 -------------------------------------------------------------------------------- References: [ 1 ] Bug #666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser https://bugzilla.redhat.com/show_bug.cgi?id=666318 [ 2 ] Bug #679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser https://bugzilla.redhat.com/show_bug.cgi?id=679732 [ 3 ] Bug #692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font https://bugzilla.redhat.com/show_bug.cgi?id=692909 [ 4 ] Bug #692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font https://bugzilla.redhat.com/show_bug.cgi?id=692853 [ 5 ] Bug #692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font https://bugzilla.redhat.com/show_bug.cgi?id=692854 [ 6 ] Bug #692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font https://bugzilla.redhat.com/show_bug.cgi?id=692856 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update t1lib' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||