-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:039
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : freetype2
Date : April 5, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated freetype2 packages fixes security vulnerabilities:
A null pointer de-reference flaw was found in the way Freetype font
rendering engine handled Glyph bitmap distribution format (BDF)
fonts. A remote attacker could provide a specially-crafted BDF font
file, which once processed in an application linked against FreeType
would lead to that application crash (CVE-2012-5668).
An out-of heap-based buffer read flaw was found in the way FreeType
font rendering engine performed parsing of glyph information and
relevant bitmaps for glyph bitmap distribution format (BDF). A remote
attacker could provide a specially-crafted BDF font file, which once
opened in an application linked against FreeType would lead to that
application crash (CVE-2012-5669).
An out-of heap-based buffer write flaw was found in the way FreeType
font rendering engine performed parsing of glyph information and
relevant bitmaps for glyph bitmap distribution format (BDF). A remote
attacker could provide a specially-crafted font file, which once
opened in an application linked against FreeType would lead to that
application crash, or, potentially, arbitrary code execution with
the privileges of the user running the application (CVE-2012-5670).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0369
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
653f48b259460703e658611db8e328cc mbs1/x86_64/freetype2-demos-2.4.9-2.1.mbs1.x86_64.rpm
3666cbc822d52b1f15e52472b7a772f5 mbs1/x86_64/lib64freetype6-2.4.9-2.1.mbs1.x86_64.rpm
d289482a04b80742b1e54c1f60635a3e mbs1/x86_64/lib64freetype6-devel-2.4.9-2.1.mbs1.x86_64.rpm
9780e211766b665158a3ccbffa7b9913 mbs1/x86_64/lib64freetype6-static-devel-2.4.9-2.1.mbs1.x86_64.rpm
d2953d7bc757ae70dbdf6b1ee25bb783 mbs1/SRPMS/freetype2-2.4.9-2.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRXqmqmqjQ0CJFipgRAiIHAJsHLm35MfYMY58e4GVdyvgx559EiACgnpO/
YP8RnRSRCZG+PLfARNZB25s=
=1hoR
-----END PGP SIGNATURE-----
↧
[ MDVSA-2013:039 ] freetype2
↧