MDVSA-2010:236
- Package name
- freetype2
- Date
- 2010-11-16
- Advisory ID
- MDVSA-2010:236
- Affected versions
- 2009.0 x86_64, MES5 i586, 2010.0 x86_64, 2010.1 i586, 2010.0 i586, 2009.0 i586, MES5 x86_64, 2010.1 x86_64
Problem description
Multiple vulnerabilities were discovered and corrected in freetype2:

An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
when handling the "SHZ" bytecode instruction can be exploited to
cause a crash and potentially execute arbitrary code via a specially
crafted font (CVE-2010-3814).

An error exists in the "ft_var_readpackedpoints()" function in
src/truetype/ttgxvar.c when processing TrueType GX fonts and can
be exploited to cause a heap-based buffer overflow via a specially
crafted font (CVE-2010-3855).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages
2009.0 x86_64
13c5119d8dfc4083d04721db113c63ea 2009.0/x86_64/lib64freetype6-2.3.7-1.6mdv2009.0.x86_64.rpm
4f7ae5925648e4075f86ff92b585f79b 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.6mdv2009.0.x86_64.rpm
9fb5c35fcf406d9c67cf33761afba2c6 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.6mdv2009.0.x86_64.rpm
d3d00802f5a9f8d55ff93d4a52dd688c 2009.0/SRPMS/freetype2-2.3.7-1.6mdv2009.0.src.rpm
MES5 i586
25b4a3057e313046cc9d2e26f5ba362b mes5/i586/libfreetype6-2.3.7-1.6mdvmes5.1.i586.rpm
5efa3b889126e463458ced59bbf8af5c mes5/i586/libfreetype6-devel-2.3.7-1.6mdvmes5.1.i586.rpm
f00793f1397da865668b4d1492256c26 mes5/i586/libfreetype6-static-devel-2.3.7-1.6mdvmes5.1.i586.rpm
98f415cf6b6882d33c5ba10cc0187ad7 mes5/SRPMS/freetype2-2.3.7-1.6mdvmes5.1.src.rpm
2010.0 x86_64
990e0f8f9c48ecc8742627e332d10b1d 2010.0/x86_64/lib64freetype6-2.3.11-1.5mdv2010.0.x86_64.rpm
de925c563f99b740e92da35731391ef5 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.5mdv2010.0.x86_64.rpm
e0366af7b4cff9c34401327a75995cf1 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.5mdv2010.0.x86_64.rpm
2437d79143005ecefd9a2dc68eead49e 2010.0/SRPMS/freetype2-2.3.11-1.5mdv2010.0.src.rpm
2010.1 i586
01f6fbfe44fc14e3d722cfcb71c586df 2010.1/i586/libfreetype6-2.3.12-1.5mdv2010.1.i586.rpm
d31b39ca425c3e0d8451846f72a7c689 2010.1/i586/libfreetype6-devel-2.3.12-1.5mdv2010.1.i586.rpm
f23ba4780eb8a76db9bc150ef483908f 2010.1/i586/libfreetype6-static-devel-2.3.12-1.5mdv2010.1.i586.rpm
25686c4566e01ee72bdd430c1f1f8cf4 2010.1/SRPMS/freetype2-2.3.12-1.5mdv2010.1.src.rpm
2010.0 i586
e58fd78a9c1a360d9835c1fa7523348a 2010.0/i586/libfreetype6-2.3.11-1.5mdv2010.0.i586.rpm
90d269a594a134659ee5484a624ceec9 2010.0/i586/libfreetype6-devel-2.3.11-1.5mdv2010.0.i586.rpm
464fdcfbaa4692ff68ef046387ca812e 2010.0/i586/libfreetype6-static-devel-2.3.11-1.5mdv2010.0.i586.rpm
2437d79143005ecefd9a2dc68eead49e 2010.0/SRPMS/freetype2-2.3.11-1.5mdv2010.0.src.rpm
2009.0 i586
0f513dab45a0f16a10ccb262c591a29b 2009.0/i586/libfreetype6-2.3.7-1.6mdv2009.0.i586.rpm
3e68fe984797044db4662aaea7043e5d 2009.0/i586/libfreetype6-devel-2.3.7-1.6mdv2009.0.i586.rpm
eddda257a00f7c7ad8546d2a366a4cf6 2009.0/i586/libfreetype6-static-devel-2.3.7-1.6mdv2009.0.i586.rpm
d3d00802f5a9f8d55ff93d4a52dd688c 2009.0/SRPMS/freetype2-2.3.7-1.6mdv2009.0.src.rpm
MES5 x86_64
d0d498a0b58b69bbd08f589c63bbd6ab mes5/x86_64/lib64freetype6-2.3.7-1.6mdvmes5.1.x86_64.rpm
7818f1757da1c3c9aab94d0d8ff6d96a mes5/x86_64/lib64freetype6-devel-2.3.7-1.6mdvmes5.1.x86_64.rpm
bfd7ba00ded60ba19982eeea50300d73 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.6mdvmes5.1.x86_64.rpm
98f415cf6b6882d33c5ba10cc0187ad7 mes5/SRPMS/freetype2-2.3.7-1.6mdvmes5.1.src.rpm
2010.1 x86_64
718089405b4c06c26ca35b943003f20f 2010.1/x86_64/lib64freetype6-2.3.12-1.5mdv2010.1.x86_64.rpm
c5c9aa34d66e26f966038102a784e0ef 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.5mdv2010.1.x86_64.rpm
ce2da681b1b8b741c4c095fde5a86588 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.5mdv2010.1.x86_64.rpm
25686c4566e01ee72bdd430c1f1f8cf4 2010.1/SRPMS/freetype2-2.3.12-1.5mdv2010.1.src.rpm
