DSA 1302-1: New freetype packages fix integer overflow
Posted on: 06/10/2007 04:50 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- ------------------------------------------------------------------------
Debian Security Advisory DSA-1302-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
June 10, 2007
- ------------------------------------------------------------------------

Package : freetype (2.2.1-5+etch1)
Vulnerability : integer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-2754
Debian Bug : 425625


A problem was discovered with freetype, a FreeTyp2 font engine, which
could allow the execution of arbitary code via an integer overflow in
specially crafted TTF files.

For the stable distribution (etch), this problem has been fixed in
version 2.2.1-5+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.1-6.

We recommend that you upgrade your freetype (2.2.1-5+etch1) package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.dsc
Size/MD5 checksum: 798 187a09fa137f44644a826cc561851023
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1.orig.tar.gz
Size/MD5 checksum: 1451392 a584e84d617c6e7919b4aef9b5106cf4
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.diff.gz
Size/MD5 checksum: 30963 83f454db44bdb8929e0f0381143dc5db

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_alpha.deb
Size/MD5 checksum: 385008 7d52ba8722e4b357f68abb578b60a52a
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_alpha.deb
Size/MD5 checksum: 170448 7f2728c29efd7ca024531d8ebf88addc
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_alpha.deb
Size/MD5 checksum: 732032 116feac33169db3e45c3dc53e4f3157b
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_alpha.udeb
Size/MD5 checksum: 279204 e62e7644d9d1e22b23e81c6fda87b6d1

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_amd64.deb
Size/MD5 checksum: 353436 afa12b9f6f0e6bda42de60aa1e019b50
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_amd64.deb
Size/MD5 checksum: 150526 825c996331a2c0cd274e2b15a8fee7d4
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_amd64.udeb
Size/MD5 checksum: 248150 f8b87164256e2c6670ab72c07700dbd8
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_amd64.deb
Size/MD5 checksum: 668724 77394a0182401d64247d41e5877cbe9b

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_arm.deb
Size/MD5 checksum: 333364 0d7346c0579975150072ce120d99c304
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_arm.deb
Size/MD5 checksum: 641304 4bb19236147b7dcc902d12ca757d6473
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_arm.deb
Size/MD5 checksum: 134424 6ea68e623f447fddc5f8cb70a24d6859
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_arm.udeb
Size/MD5 checksum: 227222 ecc5609d412cf0c093ff11ad678bd5b8

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_hppa.deb
Size/MD5 checksum: 680184 7e3cb9e8883b4d1f867ca4a540ce809f
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_hppa.deb
Size/MD5 checksum: 150926 461bcc2b91d791e5f53d0ad9e7f9dbec
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_hppa.udeb
Size/MD5 checksum: 260406 058fbb02c754707bd01a37bbb0de5a35
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_hppa.deb
Size/MD5 checksum: 366546 5a6c3b19844f9b1d0275ffae21c87871

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_i386.deb
Size/MD5 checksum: 341778 f800ba2ee94137591a764136ec71cbd9
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_i386.deb
Size/MD5 checksum: 641566 d15f9a17fe9b5756026779a9e6639305
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_i386.udeb
Size/MD5 checksum: 235858 9c5125cd256d1e645470d08d7c73bba5
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_i386.deb
Size/MD5 checksum: 135254 7fb03ee21e372b7a4602debe961f764a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_ia64.udeb
Size/MD5 checksum: 383460 4dcbb0bed034da7c74017e1c730eaae2
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_ia64.deb
Size/MD5 checksum: 222228 866793358e59a55e71f695b69c4aef1c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_ia64.deb
Size/MD5 checksum: 816932 cb592b3c7237b4839c9e540d835a8274
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_ia64.deb
Size/MD5 checksum: 488868 24c1e3da83b09e14defe70685d7d7545

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_mips.udeb
Size/MD5 checksum: 241570 e9b99262edabeb26811cd4f9ca17e525
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_mips.deb
Size/MD5 checksum: 151484 28b16a6cf6eeee76ceec5938ac8a7cda
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_mips.deb
Size/MD5 checksum: 680518 d7184dbbb1bdc6ad293eef5dc4d98605
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_mips.deb
Size/MD5 checksum: 346636 36abaf52ed32b64c8cd06c2439da8966

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_mipsel.deb
Size/MD5 checksum: 680624 5b7516edcd0b4921beb2ee0c02290102
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_mipsel.deb
Size/MD5 checksum: 150970 c40f00fb7346ceb5029b77d55a62ac28
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_mipsel.udeb
Size/MD5 checksum: 241106 8dbbab1f29502133535bcdbd6a8cf388
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_mipsel.deb
Size/MD5 checksum: 346540 7bfcd60a4ea3f5d5580c2da350358276

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_powerpc.deb
Size/MD5 checksum: 146690 6c928f9d35183e6e6873a52b620aa0b1
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_powerpc.udeb
Size/MD5 checksum: 240630 5315a8e1b86e7a93ebbcb30f984305fc
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_powerpc.deb
Size/MD5 checksum: 661790 283a5c1adff5dc1404bf08c7a6126390
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_powerpc.deb
Size/MD5 checksum: 345788 4948fad03c1ad9d8fea1a825aa1b605a

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_s390.deb
Size/MD5 checksum: 355626 5825341b2d4a6cb694ead2c287210934
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_s390.deb
Size/MD5 checksum: 657010 4169a5f32365bb6c19b31812c82a0bf6
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_s390.deb
Size/MD5 checksum: 151344 f52143c9d070f6351313358931dc3a98
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_s390.udeb
Size/MD5 checksum: 249874 65ab48d5fd81670dfd2915db2a2e00c6

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_sparc.udeb
Size/MD5 checksum: 219654 d1b7c3045b9d86955813bd79398bafdf
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_sparc.deb
Size/MD5 checksum: 635506 3620350015da5a2b3f99c57c2cdb6b67
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_sparc.deb
Size/MD5 checksum: 131006 c46976177e1dc1b6b5ef803eb78d8b12
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_sparc.deb
Size/MD5 checksum: 324968 5a8a7eb0d05cd4c26c1fe26075117c05


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGbADywM/Gs81MDZ0RAuIyAKCB2roP5a2lBoFf49k+j+JR0gy3dQCdGVND
QHLP4ncU5oPtshz4RzKA80Y=
=gcoI
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1302_1_new_freetype_packages_fix_integer_overflow.html)