
Pardus alert 2010-100 (freetype)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-100] Freetype: Multiple Vulnerabilities
Date:  Mon, 2 Aug 2010 09:40:27 +0300 (EEST)
Message-ID:  <20100802064027.E9F18A7AB8E@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-100           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-02
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in freetype.

Description
===========

CVE-2010-2498: An invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

CVE-2010-2500: An integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

CVE-2010-2499, CVE-2010-2519: Several buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

CVE-2010-2527, CVE-2010-2541: Several buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

Affected packages:

  Pardus 2009:
    freetype, all before 2.4.0-41-10

Resolution
==========

There are update(s) for freetype. You can update them via Package Manager or with a single command from console:

    pisi up freetype

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13700

------------------------------------------------------------------------
_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

