freetype (SSA:2007-109-01)
Posted on: 04/20/2007 09:25 AM

New x11 and/or freetype and fontconfig packages are available for Slackware 10.1, 10.2, 11.0, and -current to fix security issues in freetype. Freetype was packaged with X11 prior to Slackware version 11.0.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz:
Fixed an overflow parsing BDF fonts.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-devel-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xdmx-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xnest-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xvfb-6.8.1-i486-6_slack10.1.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xdmx-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xnest-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xvfb-6.8.2-i486-9_slack10.2.tgz

Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/fontconfig-2.4.2-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-devel-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.3.4-i486-1.tgz


MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg fontconfig-2.4.2-i486-1_slack11.0.tgz \
freetype-2.3.4-i486-1_slack11.0.tgz x11-6.9.0-i486-13_slack11.0.tgz \
x11-devel-6.9.0-i486-13_slack11.0.tgz \
x11-xdmx-6.9.0-i486-13_slack11.0.tgz \
x11-xnest-6.9.0-i486-13_slack11.0.tgz \
x11-xvfb-6.9.0-i486-13_slack11.0.tgz
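
One way to check the downloaded packages against the advisory's MD5 list before running upgradepkg. This is an added example, not part of the original advisory; the function name verify_manifest and the manifest file name md5.txt are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to upgrade unless every
# package named in a checksum list is present and matches its MD5.
# Manifest lines look like "<32 hex chars> <file name>"; headings such as
# "Slackware 11.0 packages:" and blank lines are ignored.

verify_manifest() {
    manifest=$1   # hypothetical file holding the advisory's MD5 lines
    dir=$2        # directory the packages were downloaded into
    checked=0
    failed=0
    while read -r want name || [ -n "$want" ]; do
        # Only treat a line as an entry if field 1 is a 32-digit hex string.
        [ "${#want}" -eq 32 ] || continue
        case $want in *[!0-9a-f]*) continue ;; esac
        # A package name is a bare file name; anything with a slash could
        # point outside $dir, so count it as a failure.
        case $name in
            ''|*/*) echo "REJECT  $name" >&2; failed=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name" >&2; failed=1; continue
        fi
        # Hash via stdin so md5sum never has to print or escape the name.
        have=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$have" = "$want" ]; then
            echo "OK      $name"
        else
            echo "BAD     $name" >&2; failed=1
        fi
    done < "$manifest"
    # Succeed only if at least one entry was checked and none failed.
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Typical use, as root, from the download directory (md5.txt is the
# hypothetical manifest saved from the advisory):
#   verify_manifest md5.txt . && upgradepkg freetype-2.3.4-i486-1_slack11.0.tgz
```

A matching MD5 only shows that a file agrees with the list; the list itself is only as trustworthy as the copy of the advisory it was taken from, which is what the GPG key referenced at the end of the advisory is for.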


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/freetype_ssa2007_109_01.html)