Fedora alert FEDORA-2010-15785 (freetype)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12 | |
| Date: | Mon, 01 Nov 2010 20:53:44 +0000 | |
| Message-ID: | <20101101205344.33CDB110894@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-15785 2010-10-05 09:00:51 -------------------------------------------------------------------------------- Name : freetype Product : Fedora 12 Version : 2.3.11 Release : 6.fc12 URL : http://www.freetype.org Summary : A free and portable font rendering engine Description : The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 4 2010 Marek Kasik <mkasik@redhat.com> 2.3.11-6 - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.) - Resolves: #638522 * Mon Oct 4 2010 Marek Kasik <mkasik@redhat.com> 2.3.11-5 - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.) - Resolves: #621627 * Fri Oct 1 2010 Marek Kasik <mkasik@redhat.com> 2.3.11-4 - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points') - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments) - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height') - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header) - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check) - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows) - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes) - Resolves: #613299 * Thu Dec 3 2009 Behdad Esfahbod <behdad@redhat.com> 2.3.11-3 - Add freetype-2.3.11-more-demos.patch - New demo programs ftmemchk, ftpatchk, and fttimer * Thu Dec 3 2009 Behdad Esfahbod <behdad@redhat.com> 2.3.11-2 - Second try. Drop upstreamed patches. * Thu Dec 3 2009 Behdad Esfahbod <behdad@redhat.com> 2.3.11-1 - 2.3.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #613160 - CVE-2010-2498 freetype: invalid free vulnerability with possible heap corruption https://bugzilla.redhat.com/show_bug.cgi?id=613160 [ 2 ] Bug #613162 - CVE-2010-2499 freetype: buffer overflow vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=613162 [ 3 ] Bug #613167 - CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c https://bugzilla.redhat.com/show_bug.cgi?id=613167 [ 4 ] Bug #613194 - CVE-2010-2519 freetype: heap buffer overflow vulnerability when processing certain font files https://bugzilla.redhat.com/show_bug.cgi?id=613194 [ 5 ] Bug #613198 - CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support https://bugzilla.redhat.com/show_bug.cgi?id=613198 [ 6 ] Bug #614557 - CVE-2010-2527 Freetype demos multiple buffer overflows https://bugzilla.redhat.com/show_bug.cgi?id=614557 [ 7 ] Bug #617342 - CVE-2010-2541 Freetype ftmulti buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=617342 [ 8 ] Bug #621144 - CVE-2010-1797 FreeType: Multiple stack overflows by processing CFF opcodes https://bugzilla.redhat.com/show_bug.cgi?id=621144 [ 9 ] Bug #621907 - CVE-2010-2808 FreeType: Stack-based buffer overflow by processing certain LWFN fonts https://bugzilla.redhat.com/show_bug.cgi?id=621907 [ 10 ] Bug #621980 - CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656) https://bugzilla.redhat.com/show_bug.cgi?id=621980 [ 11 ] Bug #623625 - CVE-2010-3311 freetype: Input stream position error by processing Compact Font Format (CFF) font files https://bugzilla.redhat.com/show_bug.cgi?id=623625 [ 12 ] Bug #625626 - CVE-2010-2805 freetype: FT_Stream_EnterFrame() does not properly validate certain position values https://bugzilla.redhat.com/show_bug.cgi?id=625626 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update freetype' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...