MDVSA-2009:243-1

Nom du paquet

freetype2

Date

2009-09-22

Advisory ID

MDVSA-2009:243-1

Affected versions

2009.1 i586 , 2009.1 x86_64

Problem description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
attackers to execute arbitrary code via vectors related to large
values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
and (3) cff/cffload.c.

This update corrects the problem.

Update:

Correct a problem in the 2009.1 update of the lzw handling code.

Updated packages

2009.1 i586

 f108254fbde4df7a0b36ca1985a9fb33  2009.1/i586/libfreetype6-2.3.9-1.2mdv2009.1.i586.rpm
 035e670c22b49b87695c9f05acb8934a  2009.1/i586/libfreetype6-devel-2.3.9-1.2mdv2009.1.i586.rpm
 71c14147686855d6bfd784b13620253f  2009.1/i586/libfreetype6-static-devel-2.3.9-1.2mdv2009.1.i586.rpm 
 222b4d88df142524f60b5bbb91854f8d  2009.1/SRPMS/freetype2-2.3.9-1.2mdv2009.1.src.rpm

2009.1 x86_64

 01af6de5f9ea9efe4791468762b17177  2009.1/x86_64/lib64freetype6-2.3.9-1.2mdv2009.1.x86_64.rpm
 2612b961ba878228925cc79b40134f95  2009.1/x86_64/lib64freetype6-devel-2.3.9-1.2mdv2009.1.x86_64.rpm
 1fe30e15897c5e6a3004a29106ac3f8c  2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.2mdv2009.1.x86_64.rpm 
 222b4d88df142524f60b5bbb91854f8d  2009.1/SRPMS/freetype2-2.3.9-1.2mdv2009.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946