freetype-2.2.1-25.0.1.AXS3
Errata ID: AXSA:2010-399:01
Release date:
Friday, August 6, 2010 - 20:33
Subject:
freetype-2.2.1-25.0.1.AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
The FreeType engine is a free and portable TrueType font rendering engine, developed to provide TrueType support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.
Security issues fixed with this release:
CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2527
CVE-2010-2541
No descriptions available at the time of writing; see the links below.
Solution:
Update packages.
CVEs:
CVE-2010-2498
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
CVE-2010-2499
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.
CVE-2010-2500
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2519
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.
CVE-2010-2527
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2541
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Additional Info:
N/A
Download:
SRPMS
- freetype-2.2.1-25.0.1.AXS3.src.rpm
MD5: 967b413da10e315eaacc575da3eb80c8
SHA-256: fedf2484dc8c4a1a2cc45b2aa99e5a4419a2043fd269ae3c11b1bdf894777b92
Size: 1.42 MB
Asianux Server 3 for x86
- freetype-2.2.1-25.0.1.AXS3.i386.rpm
MD5: 36de278ed88016c9fe9d303c892ab26b
SHA-256: 094dab49a6d31621b2323507595aced29d55eafb7b00d131ed7e51b6c050d607
Size: 603.34 kB
- freetype-demos-2.2.1-25.0.1.AXS3.i386.rpm
MD5: da8922c868a68fbc7eef34625aa7970b
SHA-256: 62e9466ff2030cc7f8a462e276bf210a19bd4b1bc5b5e9f179bd8f4e03d92820
Size: 154.07 kB
- freetype-devel-2.2.1-25.0.1.AXS3.i386.rpm
MD5: 83478a0bedab724c2560187cb9db0da1
SHA-256: bec0be31d6791b48fbe0fa5c459ca37356493a20ab397b7d728f0cc023b8a263
Size: 148.92 kB
Asianux Server 3 for x86_64
- freetype-2.2.1-25.0.1.AXS3.x86_64.rpm
MD5: 7d5e153b0251cb1dc50c769fc2ef2872
SHA-256: b5fec45a57d4a5789fc738c7703b98eee9572692d5ca4aa667bbe501f3e9e92b
Size: 601.12 kB
- freetype-demos-2.2.1-25.0.1.AXS3.x86_64.rpm
MD5: c574ef6129dbb72865fbdb509c82c2ab
SHA-256: f9115f61b9876d4767408f5c3675355bbe0feeeaacf454117e2af83b01c40f4f
Size: 162.10 kB
- freetype-devel-2.2.1-25.0.1.AXS3.x86_64.rpm
MD5: c8d480553c7549c3c47437d34dd8eafa
SHA-256: 3285f8f25c4419a419f6abf1a1ad5887cf7737366279b64b4572ef9b68ddd467
Size: 148.88 kB