Support / Security / Advisories / Mandriva Enterprise Server 5 / MDVSA-2011:157

Package name: freetype2
Date: 2011-10-21
Advisory ID: MDVSA-2011:157
Affected versions: MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been discovered and corrected in freetype2:

FreeType allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted font
(CVE-2011-3256).

A regression was found in freetype2 in Mandriva Enterprise Server 5
that caused ugly font rendering with firefox (#63892).

Additionally, improvements conserning the LZW handling (as noted in
the freetype-2.4.7 version) was added.

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 097b5a0bc581233000e5e4612101d500  mes5/i586/libfreetype6-2.3.7-1.8mdvmes5.2.i586.rpm
 17c6796fb526c1c3e53074e0834db5c3  mes5/i586/libfreetype6-devel-2.3.7-1.8mdvmes5.2.i586.rpm
 c3e708211d845e14ad63bfe14e108d6c  mes5/i586/libfreetype6-static-devel-2.3.7-1.8mdvmes5.2.i586.rpm 
 13576b846900d36ed12b74f7ef612850  mes5/SRPMS/freetype2-2.3.7-1.8mdvmes5.2.src.rpm

2010.1 i586

 5cb7a45af29372a1b91c23088a3be78f  2010.1/i586/libfreetype6-2.3.12-1.7mdv2010.2.i586.rpm
 18b8a3231fab96584207b6e8a4a8e81d  2010.1/i586/libfreetype6-devel-2.3.12-1.7mdv2010.2.i586.rpm
 7d6147c1638bcb6d16cee6e2a9939f27  2010.1/i586/libfreetype6-static-devel-2.3.12-1.7mdv2010.2.i586.rpm 
 77690084036cd92f1f19333d383897ad  2010.1/SRPMS/freetype2-2.3.12-1.7mdv2010.2.src.rpm

2011 x86_64

 35eaf601f67489ea952087e2f6339c1f  2011/x86_64/freetype2-demos-2.4.5-2.1-mdv2011.0.x86_64.rpm
 7ccc207101ce7840e5e0abd0f4642067  2011/x86_64/lib64freetype6-2.4.5-2.1-mdv2011.0.x86_64.rpm
 91aec2804157d8817fcab99ede4da4f0  2011/x86_64/lib64freetype6-devel-2.4.5-2.1-mdv2011.0.x86_64.rpm
 92fb10c2f9a1847db4423f1c6c67c0fa  2011/x86_64/lib64freetype6-static-devel-2.4.5-2.1-mdv2011.0.x86_64.rpm 
 86535a7b5e2ccef2e1ba0d037f18e000  2011/SRPMS/freetype2-2.4.5-2.1.src.rpm

2011 i586

 e9fab15c8a7e45a3b59f81ce166cc85d  2011/i586/freetype2-demos-2.4.5-2.1-mdv2011.0.i586.rpm
 3c9cb8ee3857996cc5dc5829dcf8e41e  2011/i586/libfreetype6-2.4.5-2.1-mdv2011.0.i586.rpm
 592bdc4c63e31b7692da26a8ba001528  2011/i586/libfreetype6-devel-2.4.5-2.1-mdv2011.0.i586.rpm
 edc8653f7609c869c0ec20a0fcd012fa  2011/i586/libfreetype6-static-devel-2.4.5-2.1-mdv2011.0.i586.rpm 
 86535a7b5e2ccef2e1ba0d037f18e000  2011/SRPMS/freetype2-2.4.5-2.1.src.rpm

MES5 x86_64

 aa08ec531c3b663dec9fe150316b69f8  mes5/x86_64/lib64freetype6-2.3.7-1.8mdvmes5.2.x86_64.rpm
 c1a715c5816d9db37159000ce71fc4fb  mes5/x86_64/lib64freetype6-devel-2.3.7-1.8mdvmes5.2.x86_64.rpm
 6f59f92a9e60158c4cd53bc7fb34d54d  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.8mdvmes5.2.x86_64.rpm 
 13576b846900d36ed12b74f7ef612850  mes5/SRPMS/freetype2-2.3.7-1.8mdvmes5.2.src.rpm

2010.1 x86_64

 7ae7f8215e3542d2fb8f6377c7cf4469  2010.1/x86_64/lib64freetype6-2.3.12-1.7mdv2010.2.x86_64.rpm
 6b97bbef06367d203527cfb65bcd899f  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.7mdv2010.2.x86_64.rpm
 2864878ad4d4294790f4e5a00cbe4390  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.7mdv2010.2.x86_64.rpm 
 77690084036cd92f1f19333d383897ad  2010.1/SRPMS/freetype2-2.3.12-1.7mdv2010.2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256