MDVSA-2009:243-2
- Package name
- freetype2
- Date
- 2009-12-05
- Advisory ID
- MDVSA-2009:243-2
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
attackers to execute arbitrary code via vectors related to large
values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
and (3) cff/cffload.c.
This update corrects the problem.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
ab2bab7fe8862cb5b34eb29d1da21ae5 2008.0/i586/libfreetype6-2.3.5-2.2mdv2008.0.i586.rpm db8544957e7dcc76329dc2912c579a78 2008.0/i586/libfreetype6-devel-2.3.5-2.2mdv2008.0.i586.rpm 69b7be3a3db9012d32b447c15d8831a1 2008.0/i586/libfreetype6-static-devel-2.3.5-2.2mdv2008.0.i586.rpm a41065d92d040af4b20af46eefb69451 2008.0/SRPMS/freetype2-2.3.5-2.2mdv2008.0.src.rpm
2008.0 x86_64
d37a6e8aef8d356c70441b414b848121 2008.0/x86_64/lib64freetype6-2.3.5-2.2mdv2008.0.x86_64.rpm 8401b1d160bf2e326c26a3d7602ff650 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.2mdv2008.0.x86_64.rpm ee316bce2591abed02cbb594a01d17f1 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.2mdv2008.0.x86_64.rpm a41065d92d040af4b20af46eefb69451 2008.0/SRPMS/freetype2-2.3.5-2.2mdv2008.0.src.rpm