Paketname
freetype2
Datum
2009-12-05
Advisory ID
MDVSA-2009:243-2
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
attackers to execute arbitrary code via vectors related to large
values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
and (3) cff/cffload.c.

This update corrects the problem.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Aktualisierte Pakete

2008.0 i586

 ab2bab7fe8862cb5b34eb29d1da21ae5  2008.0/i586/libfreetype6-2.3.5-2.2mdv2008.0.i586.rpm
 db8544957e7dcc76329dc2912c579a78  2008.0/i586/libfreetype6-devel-2.3.5-2.2mdv2008.0.i586.rpm
 69b7be3a3db9012d32b447c15d8831a1  2008.0/i586/libfreetype6-static-devel-2.3.5-2.2mdv2008.0.i586.rpm 
 a41065d92d040af4b20af46eefb69451  2008.0/SRPMS/freetype2-2.3.5-2.2mdv2008.0.src.rpm

2008.0 x86_64

 d37a6e8aef8d356c70441b414b848121  2008.0/x86_64/lib64freetype6-2.3.5-2.2mdv2008.0.x86_64.rpm
 8401b1d160bf2e326c26a3d7602ff650  2008.0/x86_64/lib64freetype6-devel-2.3.5-2.2mdv2008.0.x86_64.rpm
 ee316bce2591abed02cbb594a01d17f1  2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.2mdv2008.0.x86_64.rpm 
 a41065d92d040af4b20af46eefb69451  2008.0/SRPMS/freetype2-2.3.5-2.2mdv2008.0.src.rpm

Referenzen