U radu programskog paketa FreeType uočen je sigurnosni propust kojeg je moguće iskoristiti za udaljeno izvođenje DoS napada ili pokretanje proizvoljnog programskog koda.
Paket:
FreeType 2.x
Operacijski sustavi:
Mandriva Linux 2009.0, Mandriva Linux 2010.1, Mandriva Linux Corporate 4.0, Mandriva Linux Enterprise Server 5.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:120
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freetype2
Date : July 26, 2011
Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in freetype2:
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
Type 1 font in a PDF document, as exploited in the wild in July 2011
(CVE-2011-0226).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
654e1ee51b4cf3ce803cb76d82c00de1
2009.0/i586/libfreetype6-2.3.7-1.7mdv2009.0.i586.rpm
2b8396aa1b98c80f729557388f436dd1
2009.0/i586/libfreetype6-devel-2.3.7-1.7mdv2009.0.i586.rpm
d64795aca4f5e5f71b2dd4fadceca802
2009.0/i586/libfreetype6-static-devel-2.3.7-1.7mdv2009.0.i586.rpm
a5d5543fc77acafb129be6471f99d3ef
2009.0/SRPMS/freetype2-2.3.7-1.7mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
94a0c919640a7f3596562e6d50a670c4
2009.0/x86_64/lib64freetype6-2.3.7-1.7mdv2009.0.x86_64.rpm
bbc155ec9d5fff53707bccf0a193d8a1
2009.0/x86_64/lib64freetype6-devel-2.3.7-1.7mdv2009.0.x86_64.rpm
e86323068b350a8d2dbedc7f0c57be3c
2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.7mdv2009.0.x86_64.rpm
a5d5543fc77acafb129be6471f99d3ef
2009.0/SRPMS/freetype2-2.3.7-1.7mdv2009.0.src.rpm
Mandriva Linux 2010.1:
dac6da5b5d8ef3fd19075b2d01792076
2010.1/i586/libfreetype6-2.3.12-1.6mdv2010.2.i586.rpm
126c1476e7276cc24637af2187a0e3c5
2010.1/i586/libfreetype6-devel-2.3.12-1.6mdv2010.2.i586.rpm
ade7ba5bacaec0b7210a551e0ba59acf
2010.1/i586/libfreetype6-static-devel-2.3.12-1.6mdv2010.2.i586.rpm
b5ecd21280fcbb3d2a51916191a9bc5a
2010.1/SRPMS/freetype2-2.3.12-1.6mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
e72e2bde4313a068a4ca3737f7864912
2010.1/x86_64/lib64freetype6-2.3.12-1.6mdv2010.2.x86_64.rpm
8df3ffd25d1472ff33db92e6a632cfab
2010.1/x86_64/lib64freetype6-devel-2.3.12-1.6mdv2010.2.x86_64.rpm
8366679651112b9aa478d0804366b09e
2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.6mdv2010.2.x86_64.rpm
b5ecd21280fcbb3d2a51916191a9bc5a
2010.1/SRPMS/freetype2-2.3.12-1.6mdv2010.2.src.rpm
Corporate 4.0:
af596115027fcb710ca1195a62225901
corporate/4.0/i586/libfreetype6-2.1.10-9.15.20060mlcs4.i586.rpm
10eff208220245753af10d1d80fa2cb8
corporate/4.0/i586/libfreetype6-devel-2.1.10-9.15.20060mlcs4.i586.rpm
865656cb01577b054895bc4542a495eb
corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.15.20060mlcs4.i586.rpm
22318e9e96669c98132986458778d3bc
corporate/4.0/SRPMS/freetype2-2.1.10-9.15.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3e8aa6b93eefa16f03b5fbde0a67b719
corporate/4.0/x86_64/lib64freetype6-2.1.10-9.15.20060mlcs4.x86_64.rpm
edec00255fe1ad370c9f9e2f70368180
corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.15.20060mlcs4.x86_64.rpm
b0ebac32d771c80ff30c6e8f06221126
corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.15.20060mlcs4.x86_64.rpm
22318e9e96669c98132986458778d3bc
corporate/4.0/SRPMS/freetype2-2.1.10-9.15.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
02b47687da918f6cc824c1dcba7fe038
mes5/i586/libfreetype6-2.3.7-1.7mdvmes5.2.i586.rpm
4fdf12af5de34bf1b7fbb8fc346a4e78
mes5/i586/libfreetype6-devel-2.3.7-1.7mdvmes5.2.i586.rpm
815fc7bbac060d668379988165f634af
mes5/i586/libfreetype6-static-devel-2.3.7-1.7mdvmes5.2.i586.rpm
9aa96b74efacc75c68e826d6e770eb89
mes5/SRPMS/freetype2-2.3.7-1.7mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
3cc6638a94ced9ef5cf1464356f42fec
mes5/x86_64/lib64freetype6-2.3.7-1.7mdvmes5.2.x86_64.rpm
80f4a2dbda54a036b4ec7cb94ea9bc93
mes5/x86_64/lib64freetype6-devel-2.3.7-1.7mdvmes5.2.x86_64.rpm
f93be214c7a6c95b27daf96759336675
mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.7mdvmes5.2.x86_64.rpm
9aa96b74efacc75c68e826d6e770eb89
mes5/SRPMS/freetype2-2.3.7-1.7mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFOLqXvmqjQ0CJFipgRAmCmAJkBTmcXeNHhIpj8+/KRcDdWIA42qQCcCvpx
rQTpLJCJG0AKuJJtVo/I5ms=
=jxso
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke