Package name
freetype2
Date
2010-11-16
Advisory ID
MDVSA-2010:236
Affected versions
2009.0 x86_64, MES5 i586, 2010.0 x86_64, 2010.1 i586, 2010.0 i586, 2009.0 i586, MES5 x86_64, 2010.1 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in freetype2:

An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
when handling the "SHZ" bytecode instruction can be exploited to
cause a crash and potentially execute arbitrary code via a specially
crafted font (CVE-2010-3814).

An error exists in the "ft_var_readpackedpoints()" function in
src/truetype/ttgxvar.c when processing TrueType GX fonts and can
be exploited to cause a heap-based buffer overflow via a specially
crafted font (CVE-2010-3855).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 13c5119d8dfc4083d04721db113c63ea  2009.0/x86_64/lib64freetype6-2.3.7-1.6mdv2009.0.x86_64.rpm
 4f7ae5925648e4075f86ff92b585f79b  2009.0/x86_64/lib64freetype6-devel-2.3.7-1.6mdv2009.0.x86_64.rpm
 9fb5c35fcf406d9c67cf33761afba2c6  2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.6mdv2009.0.x86_64.rpm 
 d3d00802f5a9f8d55ff93d4a52dd688c  2009.0/SRPMS/freetype2-2.3.7-1.6mdv2009.0.src.rpm

MES5 i586

 25b4a3057e313046cc9d2e26f5ba362b  mes5/i586/libfreetype6-2.3.7-1.6mdvmes5.1.i586.rpm
 5efa3b889126e463458ced59bbf8af5c  mes5/i586/libfreetype6-devel-2.3.7-1.6mdvmes5.1.i586.rpm
 f00793f1397da865668b4d1492256c26  mes5/i586/libfreetype6-static-devel-2.3.7-1.6mdvmes5.1.i586.rpm 
 98f415cf6b6882d33c5ba10cc0187ad7  mes5/SRPMS/freetype2-2.3.7-1.6mdvmes5.1.src.rpm

2010.0 x86_64

 990e0f8f9c48ecc8742627e332d10b1d  2010.0/x86_64/lib64freetype6-2.3.11-1.5mdv2010.0.x86_64.rpm
 de925c563f99b740e92da35731391ef5  2010.0/x86_64/lib64freetype6-devel-2.3.11-1.5mdv2010.0.x86_64.rpm
 e0366af7b4cff9c34401327a75995cf1  2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.5mdv2010.0.x86_64.rpm 
 2437d79143005ecefd9a2dc68eead49e  2010.0/SRPMS/freetype2-2.3.11-1.5mdv2010.0.src.rpm

2010.1 i586

 01f6fbfe44fc14e3d722cfcb71c586df  2010.1/i586/libfreetype6-2.3.12-1.5mdv2010.1.i586.rpm
 d31b39ca425c3e0d8451846f72a7c689  2010.1/i586/libfreetype6-devel-2.3.12-1.5mdv2010.1.i586.rpm
 f23ba4780eb8a76db9bc150ef483908f  2010.1/i586/libfreetype6-static-devel-2.3.12-1.5mdv2010.1.i586.rpm 
 25686c4566e01ee72bdd430c1f1f8cf4  2010.1/SRPMS/freetype2-2.3.12-1.5mdv2010.1.src.rpm

2010.0 i586

 e58fd78a9c1a360d9835c1fa7523348a  2010.0/i586/libfreetype6-2.3.11-1.5mdv2010.0.i586.rpm
 90d269a594a134659ee5484a624ceec9  2010.0/i586/libfreetype6-devel-2.3.11-1.5mdv2010.0.i586.rpm
 464fdcfbaa4692ff68ef046387ca812e  2010.0/i586/libfreetype6-static-devel-2.3.11-1.5mdv2010.0.i586.rpm 
 2437d79143005ecefd9a2dc68eead49e  2010.0/SRPMS/freetype2-2.3.11-1.5mdv2010.0.src.rpm

2009.0 i586

 0f513dab45a0f16a10ccb262c591a29b  2009.0/i586/libfreetype6-2.3.7-1.6mdv2009.0.i586.rpm
 3e68fe984797044db4662aaea7043e5d  2009.0/i586/libfreetype6-devel-2.3.7-1.6mdv2009.0.i586.rpm
 eddda257a00f7c7ad8546d2a366a4cf6  2009.0/i586/libfreetype6-static-devel-2.3.7-1.6mdv2009.0.i586.rpm 
 d3d00802f5a9f8d55ff93d4a52dd688c  2009.0/SRPMS/freetype2-2.3.7-1.6mdv2009.0.src.rpm

MES5 x86_64

 d0d498a0b58b69bbd08f589c63bbd6ab  mes5/x86_64/lib64freetype6-2.3.7-1.6mdvmes5.1.x86_64.rpm
 7818f1757da1c3c9aab94d0d8ff6d96a  mes5/x86_64/lib64freetype6-devel-2.3.7-1.6mdvmes5.1.x86_64.rpm
 bfd7ba00ded60ba19982eeea50300d73  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.6mdvmes5.1.x86_64.rpm 
 98f415cf6b6882d33c5ba10cc0187ad7  mes5/SRPMS/freetype2-2.3.7-1.6mdvmes5.1.src.rpm

2010.1 x86_64

 718089405b4c06c26ca35b943003f20f  2010.1/x86_64/lib64freetype6-2.3.12-1.5mdv2010.1.x86_64.rpm
 c5c9aa34d66e26f966038102a784e0ef  2010.1/x86_64/lib64freetype6-devel-2.3.12-1.5mdv2010.1.x86_64.rpm
 ce2da681b1b8b741c4c095fde5a86588  2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.5mdv2010.1.x86_64.rpm 
 25686c4566e01ee72bdd430c1f1f8cf4  2010.1/SRPMS/freetype2-2.3.12-1.5mdv2010.1.src.rpm

References