MDVSA-2008:121-1

Package name

freetype2

Date

2008-10-31

Advisory ID

MDVSA-2008:121-1

Affected versions

CS3.0 i586 , CS4.0 x86_64 , MNF2.0 i586 , CS3.0 x86_64 , CS4.0 i586

Problem description

Multiple vulnerabilities were discovered in FreeType's Printer
Font Binary (PFB) font-file format parser. If a user were to load a
carefully crafted font file with a program linked against FreeType, it
could cause the application to crash or potentially execute arbitrary
code (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808).

The updated packages have been patched to prevent this issue.

Update:

The patches used to correct the problem on Corporate Server 4.0 and
Corporate 3.0 contained a problem where certain fonts would not be
displayed and would cause applications, such as drakfont, to crash.
This update corrects the regression.

Updated packages

CS3.0 i586

 10bc65d19c7ffb41cc0a942743f2024f  corporate/3.0/i586/libfreetype6-2.1.7-4.7.C30mdk.i586.rpm
 9f001f0e2f90e8ce736f1c9394c880dc  corporate/3.0/i586/libfreetype6-devel-2.1.7-4.7.C30mdk.i586.rpm
 547f573b07d7c440523d3e0b9b80862f  corporate/3.0/i586/libfreetype6-static-devel-2.1.7-4.7.C30mdk.i586.rpm 
 6145881addf92048de2d974499dfa744  corporate/3.0/SRPMS/freetype2-2.1.7-4.7.C30mdk.src.rpm

CS4.0 x86_64

 73f26c9a34918a8bf0f401a2cc10b791  corporate/4.0/x86_64/lib64freetype6-2.1.10-9.8.20060mlcs4.x86_64.rpm
 147185a6093063ec016bd7415c24c68c  corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.8.20060mlcs4.x86_64.rpm
 8d4565b5c527bc168e7261845d707b38  corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.8.20060mlcs4.x86_64.rpm 
 6bf2a907f843cf288527fc9119e9278c  corporate/4.0/SRPMS/freetype2-2.1.10-9.8.20060mlcs4.src.rpm

MNF2.0 i586

 10bc65d19c7ffb41cc0a942743f2024f  mnf/2.0/i586/libfreetype6-2.1.7-4.7.C30mdk.i586.rpm 
 6145881addf92048de2d974499dfa744  mnf/2.0/SRPMS/freetype2-2.1.7-4.7.C30mdk.src.rpm

CS3.0 x86_64

 1fd7ce0fc7ecaae5372d0c48d571c4c3  corporate/3.0/x86_64/lib64freetype6-2.1.7-4.7.C30mdk.x86_64.rpm
 536cf56aa4d1cda0ba57efc20f1d6d82  corporate/3.0/x86_64/lib64freetype6-devel-2.1.7-4.7.C30mdk.x86_64.rpm
 3ae4115db4b418291a4847efa2981225  corporate/3.0/x86_64/lib64freetype6-static-devel-2.1.7-4.7.C30mdk.x86_64.rpm 
 6145881addf92048de2d974499dfa744  corporate/3.0/SRPMS/freetype2-2.1.7-4.7.C30mdk.src.rpm

CS4.0 i586

 31c49be01e2eea8244eae4713af3e655  corporate/4.0/i586/libfreetype6-2.1.10-9.8.20060mlcs4.i586.rpm
 b173159062c74e26ba2ad9c1e4c61cd9  corporate/4.0/i586/libfreetype6-devel-2.1.10-9.8.20060mlcs4.i586.rpm
 e5a90208d2a5643f3884d1b3f0fa15ec  corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.8.20060mlcs4.i586.rpm 
 6bf2a907f843cf288527fc9119e9278c  corporate/4.0/SRPMS/freetype2-2.1.10-9.8.20060mlcs4.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806