[Security Announce] [ MDKSA-2007:081-1 ] - Updated freetype2 packages fix vulnerability
Posted on: 04/11/2007 01:10 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:081-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : freetype2
Date : April 10, 2007
Affected: 2007.1
_______________________________________________________________________

Problem Description:

iDefense integer overflows in the way freetype handled various font
files. A malicious local user could exploit these issues to potentially
execute arbitrary code.

Updated packages have been patched to correct this issue.

Update:

Packages for Mandriva Linux 2007.1 are now available.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
b6d65fcc62754bd1400e90efa49e6679 2007.1/i586/libfreetype6-2.3.1-3.1mdv2007.1.i586.rpm
142d11543d5db9880c9db97b99595559 2007.1/i586/libfreetype6-devel-2.3.1-3.1mdv2007.1.i586.rpm
bfc535d187f868751ed2460f3de01e53 2007.1/i586/libfreetype6-static-devel-2.3.1-3.1mdv2007.1.i586.rpm
81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
3323e12c0ac539c7bc6b7f6ead647f7e 2007.1/x86_64/lib64freetype6-2.3.1-3.1mdv2007.1.x86_64.rpm
c9c6db8da9895b96eb074ffb09f2383e 2007.1/x86_64/lib64freetype6-devel-2.3.1-3.1mdv2007.1.x86_64.rpm
87f48e86ee449bbba06fd0159c6c34af 2007.1/x86_64/lib64freetype6-static-devel-2.3.1-3.1mdv2007.1.x86_64.rpm
81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGG9yumqjQ0CJFipgRAj2LAKDxahKXOhYOpS6JZ1he0FMxfbuQJgCgif5j
Hfcfrg4ZKpE/LPNAxnuUE0E=
=hw7N
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007081_1__updated_freetype2_packages_fix_vulnerability.html)