Package name: freetype2
Date: 2013-04-05
Advisory ID: MDVSA-2013:039
Affected versions: MBS1 x86_64

Problem description

Updated freetype2 packages fix security vulnerabilities:

A null pointer dereference flaw was found in the way the FreeType font
rendering engine handled Glyph Bitmap Distribution Format (BDF)
fonts. A remote attacker could provide a specially crafted BDF font
file which, once processed in an application linked against FreeType,
would cause that application to crash (CVE-2012-5668).

An out-of-bounds heap-based buffer read flaw was found in the way the
FreeType font rendering engine parsed glyph information and the
relevant bitmaps for Glyph Bitmap Distribution Format (BDF) fonts. A
remote attacker could provide a specially crafted BDF font file which,
once opened in an application linked against FreeType, would cause
that application to crash (CVE-2012-5669).

An out-of-bounds heap-based buffer write flaw was found in the way the
FreeType font rendering engine parsed glyph information and the
relevant bitmaps for Glyph Bitmap Distribution Format (BDF) fonts. A
remote attacker could provide a specially crafted font file which,
once opened in an application linked against FreeType, would cause
that application to crash or, potentially, allow arbitrary code
execution with the privileges of the user running the application
(CVE-2012-5670).

Updated packages

MBS1 x86_64

 653f48b259460703e658611db8e328cc  mbs1/x86_64/freetype2-demos-2.4.9-2.1.mbs1.x86_64.rpm
 3666cbc822d52b1f15e52472b7a772f5  mbs1/x86_64/lib64freetype6-2.4.9-2.1.mbs1.x86_64.rpm
 d289482a04b80742b1e54c1f60635a3e  mbs1/x86_64/lib64freetype6-devel-2.4.9-2.1.mbs1.x86_64.rpm
 9780e211766b665158a3ccbffa7b9913  mbs1/x86_64/lib64freetype6-static-devel-2.4.9-2.1.mbs1.x86_64.rpm 
 d2953d7bc757ae70dbdf6b1ee25bb783  mbs1/SRPMS/freetype2-2.4.9-2.1.mbs1.src.rpm
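
An added example, not part of the Mandriva advisory: a Python check that parses the checksum list above and compares it with RPMs already downloaded into a local directory. The function names and the directory argument are assumptions; MD5 here only catches corrupted or mismatched downloads, and package signatures are checked separately with rpm --checksig.

```python
import hashlib
import re
import sys
from pathlib import Path

# Checksum list copied from the "Updated packages" section of MDVSA-2013:039.
ADVISORY_MANIFEST = """\
 653f48b259460703e658611db8e328cc  mbs1/x86_64/freetype2-demos-2.4.9-2.1.mbs1.x86_64.rpm
 3666cbc822d52b1f15e52472b7a772f5  mbs1/x86_64/lib64freetype6-2.4.9-2.1.mbs1.x86_64.rpm
 d289482a04b80742b1e54c1f60635a3e  mbs1/x86_64/lib64freetype6-devel-2.4.9-2.1.mbs1.x86_64.rpm
 9780e211766b665158a3ccbffa7b9913  mbs1/x86_64/lib64freetype6-static-devel-2.4.9-2.1.mbs1.x86_64.rpm
 d2953d7bc757ae70dbdf6b1ee25bb783  mbs1/SRPMS/freetype2-2.4.9-2.1.mbs1.src.rpm
"""

LINE_RE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+)\s*$")

def parse_manifest(text):
    """Return {rpm file name: md5 hex} from advisory-style 'md5  path' lines."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # The advisory lists mirror-relative paths; a download keeps only the base name.
            entries[Path(m.group(2)).name] = m.group(1)
    return entries

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(directory, manifest_text=ADVISORY_MANIFEST):
    """Classify every package named in the manifest as 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        candidate = Path(directory) / name
        if not candidate.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(candidate) == expected else "mismatch"
    return results

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in verify_downloads(target).items():
        print(f"{status:9} {name}")
```
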

References