|
|
| Problem Description |
An additional overflow, similar to those corrected by patches for
CVE-2006-1861 was found in libfreetype. If a user loads a carefully
crafted font file with a program linked against FreeType, it could cause
the application to crash or execute arbitrary code as the user.
Updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
a178787bfed2fb14fa946da97a617cc3 corporate/3.0/RPMS/libfreetype6-2.1.7-4.3.C30mdk.i586.rpm 1635f5556cadc0cac6d069face4456a2 corporate/3.0/RPMS/libfreetype6-devel-2.1.7-4.3.C30mdk.i586.rpm 445a95dba634a31197305bc82a87879d corporate/3.0/RPMS/libfreetype6-static-devel-2.1.7-4.3.C30mdk.i586.rpm aae2d49840b8ceed17dd373ecaf1edc3 corporate/3.0/SRPMS/freetype2-2.1.7-4.3.C30mdk.src.rpm
Corporate Server 3.0/X86_64
8a7688a1f8ab362b8994cf15babb6a26 x86_64/corporate/3.0/RPMS/lib64freetype6-2.1.7-4.3.C30mdk.x86_64.rpm 0590279a78710bf68de62333f594ec83 x86_64/corporate/3.0/RPMS/lib64freetype6-devel-2.1.7-4.3.C30mdk.x86_64.rpm 42fedd6e54d1f483e5f8655b7e1607b2 x86_64/corporate/3.0/RPMS/lib64freetype6-static-devel-2.1.7-4.3.C30mdk.x86_64.rpm a178787bfed2fb14fa946da97a617cc3 x86_64/corporate/3.0/RPMS/libfreetype6-2.1.7-4.3.C30mdk.i586.rpm aae2d49840b8ceed17dd373ecaf1edc3 x86_64/corporate/3.0/SRPMS/freetype2-2.1.7-4.3.C30mdk.src.rpm
Multi Network Firewall 2.0
1a19681d0cbdcf910097685bd6ea4f49 mnf/2.0/RPMS/libfreetype6-2.1.7-4.3.M20mdk.i586.rpm e8d868b0dfc94e945d096896b8b9e0ec mnf/2.0/SRPMS/freetype2-2.1.7-4.3.M20mdk.src.rpm
Mandriva Linux 2006
58610d57ba81e18fd281de0723377d15 2006.0/RPMS/libfreetype6-2.1.10-9.4.20060mdk.i586.rpm acc57dee23d472c2dd67a7dfd4f31178 2006.0/RPMS/libfreetype6-devel-2.1.10-9.4.20060mdk.i586.rpm 0cb439096b7c68f7b087494f460733ef 2006.0/RPMS/libfreetype6-static-devel-2.1.10-9.4.20060mdk.i586.rpm 21644362815c06ab64672919b74d4482 2006.0/SRPMS/freetype2-2.1.10-9.4.20060mdk.src.rpm
Mandriva Linux 2006/X86_64
bc9d61266c643afb4c621b69fe773d1f x86_64/2006.0/RPMS/lib64freetype6-2.1.10-9.4.20060mdk.x86_64.rpm 7b2e091d9d451c0ca78bc1a30ca65abe x86_64/2006.0/RPMS/lib64freetype6-devel-2.1.10-9.4.20060mdk.x86_64.rpm 98930009ac9bc59a90045801db3e9884 x86_64/2006.0/RPMS/lib64freetype6-static-devel-2.1.10-9.4.20060mdk.x86_64.rpm 58610d57ba81e18fd281de0723377d15 x86_64/2006.0/RPMS/libfreetype6-2.1.10-9.4.20060mdk.i586.rpm acc57dee23d472c2dd67a7dfd4f31178 x86_64/2006.0/RPMS/libfreetype6-devel-2.1.10-9.4.20060mdk.i586.rpm 0cb439096b7c68f7b087494f460733ef x86_64/2006.0/RPMS/libfreetype6-static-devel-2.1.10-9.4.20060mdk.i586.rpm 21644362815c06ab64672919b74d4482 x86_64/2006.0/SRPMS/freetype2-2.1.10-9.4.20060mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.