Package name: freetype2
Date: 2010-10-13
Advisory ID: MDVSA-2010:201
Affected versions: 2009.0 x86_64, MES5 i586, 2010.1 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, 2009.1 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

A vulnerability was discovered and corrected in freetype2:

Marc Schoenefeld found an input stream position error in the way
the FreeType font rendering engine processed input file streams. If
a user loaded a specially crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or possibly execute arbitrary code (integer
overflow leading to heap-based buffer overflow in the libXft library)
with the privileges of the user running the application. This is a
different vulnerability than CVE-2010-1797 (CVE-2010-3311).

Packages for 2009.0 are provided under the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 30127aa3b8f70207269911dc74d5d1f6  2009.0/x86_64/lib64freetype6-2.3.7-1.5mdv2009.0.x86_64.rpm
 3b6020558fbaf3651ff7c3ca13f1b7dc  2009.0/x86_64/lib64freetype6-devel-2.3.7-1.5mdv2009.0.x86_64.rpm
 0f572c7db1071b843ef103226f058bf8  2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdv2009.0.x86_64.rpm 
 9a95af00a0336bbd89965d410ecf7dbf  2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm

MES5 i586

 f990681b978c21632695ce8026e00e7f  mes5/i586/libfreetype6-2.3.7-1.5mdvmes5.1.i586.rpm
 4b46a043a230f88dbd8df174ce52bf61  mes5/i586/libfreetype6-devel-2.3.7-1.5mdvmes5.1.i586.rpm
 4520f9874288317c70d769b22f36cb72  mes5/i586/libfreetype6-static-devel-2.3.7-1.5mdvmes5.1.i586.rpm 
 e9b104e41904bf0e23fd551ad7537696  mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm

2010.1 i586

 be9c8f1b5cd2f417f0ae646bc8cbc0f2  2010.1/i586/libfreetype6-2.3.12-1.4mdv2010.1.i586.rpm
 87165bb194725472642623489e13c3d2  2010.1/i586/libfreetype6-devel-2.3.12-1.4mdv2010.1.i586.rpm
 f6b9da29780ed1c3d4192a2de2df965a  2010.1/i586/libfreetype6-static-devel-2.3.12-1.4mdv2010.1.i586.rpm 
 8f9e6f8272bdd85b655f77c3bc0f1186  2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm

2010.0 x86_64

 8bb4d116a20020735920acdef6edb36c  2010.0/x86_64/lib64freetype6-2.3.11-1.4mdv2010.0.x86_64.rpm
 3e71bd23288d28261e6494389a945c8d  2010.0/x86_64/lib64freetype6-devel-2.3.11-1.4mdv2010.0.x86_64.rpm
 7c720ab93b651535c31fa51ff7a4062d  2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.4mdv2010.0.x86_64.rpm 
 a1cb1cc205c73df55e5576c3d53dfe5b  2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm

2010.0 i586

 81e94386ee8cd6641a46dce9df0efcae  2010.0/i586/libfreetype6-2.3.11-1.4mdv2010.0.i586.rpm
 e585d63da11b17c74f456ea97368ae97  2010.0/i586/libfreetype6-devel-2.3.11-1.4mdv2010.0.i586.rpm
 6f08eacbc92f4b8ea2e2880c97890f9e  2010.0/i586/libfreetype6-static-devel-2.3.11-1.4mdv2010.0.i586.rpm 
 a1cb1cc205c73df55e5576c3d53dfe5b  2010.0/SRPMS/freetype2-2.3.11-1.4mdv2010.0.src.rpm

2009.1 i586

 06b12f4db64361f3d7b749ea97b23573  2009.1/i586/libfreetype6-2.3.9-1.6mdv2009.1.i586.rpm
 bfe315852b8d3e9595796f9c9933694f  2009.1/i586/libfreetype6-devel-2.3.9-1.6mdv2009.1.i586.rpm
 2b493d1661300189e5551acf31822088  2009.1/i586/libfreetype6-static-devel-2.3.9-1.6mdv2009.1.i586.rpm 
 2a72ac2132ed6513dd1b2f93e06364fe  2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm

2009.0 i586

 248523a7d7a2c3d6a85cb88513f3a830  2009.0/i586/libfreetype6-2.3.7-1.5mdv2009.0.i586.rpm
 d732b628d679e6c1f1825fc8651dbba4  2009.0/i586/libfreetype6-devel-2.3.7-1.5mdv2009.0.i586.rpm
 eba4f60c32555f0cccee21bd1604ecdd  2009.0/i586/libfreetype6-static-devel-2.3.7-1.5mdv2009.0.i586.rpm 
 9a95af00a0336bbd89965d410ecf7dbf  2009.0/SRPMS/freetype2-2.3.7-1.5mdv2009.0.src.rpm

CS4.0 i586

 c86147b513f4c157f6790a2e4ada0fd2  corporate/4.0/i586/libfreetype6-2.1.10-9.13.20060mlcs4.i586.rpm
 a9fa44acaef91683cad125612df13c92  corporate/4.0/i586/libfreetype6-devel-2.1.10-9.13.20060mlcs4.i586.rpm
 a4aae0884a8a56d305a15b3d46f42cee  corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.13.20060mlcs4.i586.rpm 
 0a1de080fd2d95e2bfd3a89f3e941742  corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm

CS4.0 x86_64

 f38670ff2950f26aca44a5aae5668487  corporate/4.0/x86_64/lib64freetype6-2.1.10-9.13.20060mlcs4.x86_64.rpm
 23de0669bb0c18c43ca3f4c4143a2a45  corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm
 487f9047aa914a9ff87fe4642e1dea9f  corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.13.20060mlcs4.x86_64.rpm 
 0a1de080fd2d95e2bfd3a89f3e941742  corporate/4.0/SRPMS/freetype2-2.1.10-9.13.20060mlcs4.src.rpm

2009.1 x86_64

 9b0158596861029412f697767cfce475  2009.1/x86_64/lib64freetype6-2.3.9-1.6mdv2009.1.x86_64.rpm
 9389f0616c2633adec3ee5dc0788d0d3  2009.1/x86_64/lib64freetype6-devel-2.3.9-1.6mdv2009.1.x86_64.rpm
 da638cb0fc6f198e195fefc94ae4d052  2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.6mdv2009.1.x86_64.rpm 
 2a72ac2132ed6513dd1b2f93e06364fe  2009.1/SRPMS/freetype2-2.3.9-1.6mdv2009.1.src.rpm

MES5 x86_64

 d6c2911551cc1cc010b0b64e8e0b842b  mes5/x86_64/lib64freetype6-2.3.7-1.5mdvmes5.1.x86_64.rpm
 d772a09bece742077abae2a96a2f7ebd  mes5/x86_64/lib64freetype6-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm
 d0ecc6df23b6aa94fdaf945756d47ccd  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.5mdvmes5.1.x86_64.rpm 
 e9b104e41904bf0e23fd551ad7537696  mes5/SRPMS/freetype2-2.3.7-1.5mdvmes5.1.src.rpm

2010.1 x86_64

 426a77c1681ccb983b4421025a705622  2010.1/x86_64/lib64freetype6-2.3.12-1.4mdv2010.1.x86_64.rpm
 8847d5d1a4aa7a007e97e60dc638fcb1  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.4mdv2010.1.x86_64.rpm
 1d61007c529ec3775d30fd417829590a  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.4mdv2010.1.x86_64.rpm 
 8f9e6f8272bdd85b655f77c3bc0f1186  2010.1/SRPMS/freetype2-2.3.12-1.4mdv2010.1.src.rpm
