
Scientific Linux alert SL-t1li-20120125 (t1lib)

From:  riehecky@fnal.gov
To:  scientific-linux-errata@fnal.gov
Subject:  Security ERRATA Moderate: t1lib on SL6.x i386/x86_64
Date:  Wed, 25 Jan 2012 15:20:23 -0600
Message-ID:  <201201252120.q0PLKN4o026391@fefmon2.fnal.gov>

Synopsis:    Moderate: t1lib security update
Issue Date:  2012-01-24
CVE Numbers: CVE-2010-2642
             CVE-2011-0433
             CVE-2011-1552
             CVE-2011-1553
             CVE-2011-1554
             CVE-2011-0764

The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts.

Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash. (CVE-2011-1552)

All users of t1lib are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications linked against t1lib must be restarted for this update to take effect.

SL6:
  i386
    t1lib-5.1.2-6.el6_2.1.i686.rpm
    t1lib-apps-5.1.2-6.el6_2.1.i686.rpm
    t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
    t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
    t1lib-static-5.1.2-6.el6_2.1.i686.rpm
  x86_64
    t1lib-5.1.2-6.el6_2.1.i686.rpm
    t1lib-5.1.2-6.el6_2.1.x86_64.rpm
    t1lib-apps-5.1.2-6.el6_2.1.x86_64.rpm
    t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
    t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm
    t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
    t1lib-devel-5.1.2-6.el6_2.1.x86_64.rpm
    t1lib-static-5.1.2-6.el6_2.1.x86_64.rpm

- Scientific Linux Development Team
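The advisory notes that applications linked against t1lib must be restarted before the update takes effect. The script below is an added example, not part of the advisory or of Scientific Linux tooling: it lists processes that still map a t1lib shared object that has been replaced on disk. It assumes the library files are named libt1.so.* or libt1x.so.* and that it is run as root so every process's maps file is readable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: after updating t1lib, find processes still running the old
# library code. When a mapped file is replaced on disk, the kernel marks the
# old mapping in /proc/PID/maps with a trailing "(deleted)".
# Assumption: t1lib's shared objects are named libt1.so.* / libt1x.so.*.
# A maps line looks like (constructed sample):
#   7f0a1c000000-7f0a1c04b000 r-xp 00000000 fd:00 1234 /usr/lib64/libt1.so.5.1.2 (deleted)

# has_stale_t1lib FILE
# Exit 0 if FILE (in /proc/PID/maps format) contains a deleted t1lib mapping.
has_stale_t1lib() {
    awk '
        NF >= 7 && $NF == "(deleted)" {
            # Field 6 is the mapped path; test only its last component.
            n = split($6, parts, "/")
            if (parts[n] ~ /^libt1x?\.so/) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1" 2>/dev/null
}

# scan_proc [PROCROOT]
# Print "PID COMMAND" for every process that needs a restart.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process gone or not permitted
        if has_stale_t1lib "$maps"; then
            dir=${maps%/maps}
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null)"
        fi
    done
}

scan_proc "${1:-/proc}"
```

An empty result means no running process still maps a replaced copy of the library; it does not cover programs built against the t1lib-static package, which must be rebuilt rather than restarted.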

