freetype-2.2.1-26.0.1.AXS3
エラータID: AXSA:2010-423:02
リリース日:
2010/08/24 Tuesday - 21:58
題名:
freetype-2.2.1-26.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- FreeType にはスタックベースのバッファオーバーフローが存在し, PDF ドキュメントに埋め込まれたフォントの中の巧妙に細工された CFF opcodes によって, リモートの攻撃者が任意のコードを実行する脆弱性があります。(CVE-2010-1797)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-1797
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
追加情報:
N/A
ダウンロード:
SRPMS
- freetype-2.2.1-26.0.1.AXS3.src.rpm
MD5: ab1a7cd1f326af28b7b1ccd73707e1d7
SHA-256: 8ffa62f9cf6bb80f79876bdeef48202e2b39a8af548decd2fe0267c8c7b920b4
Size: 1.42 MB
Asianux Server 3 for x86
- freetype-2.2.1-26.0.1.AXS3.i386.rpm
MD5: a114dc1be96c7ae0b0a4967501930df2
SHA-256: 2a566ffe5641337eaea9aecee6b93b4465fe640447ab5a49d83af2690b47eed1
Size: 603.42 kB - freetype-demos-2.2.1-26.0.1.AXS3.i386.rpm
MD5: 0ac5cde13567042670ac8228576ca91b
SHA-256: a7bc7674dfdbee4935ec0f25b1288ab1073bbcc433494ce0fab209501e7c64de
Size: 154.18 kB - freetype-devel-2.2.1-26.0.1.AXS3.i386.rpm
MD5: f859ae646dd9a373fd6a28935229c822
SHA-256: ecbbf892f906c1dd362804b6efa5267c7d83064272be66e6727a393763f21338
Size: 149.05 kB
Asianux Server 3 for x86_64
- freetype-2.2.1-26.0.1.AXS3.x86_64.rpm
MD5: e66c409dea23ca962a070d01918ee374
SHA-256: c3c17a75c0c2d65ba00e61c3feeb4ede6992af4dd6182ee7023986e7cd7871b5
Size: 601.35 kB - freetype-demos-2.2.1-26.0.1.AXS3.x86_64.rpm
MD5: 413e7793c7d6a2b4f0f1eb892a5d2dc9
SHA-256: aa275037097b98b02d25a3efbf182ba3b54396653703ab9eb1571c85055ee2d1
Size: 162.21 kB - freetype-devel-2.2.1-26.0.1.AXS3.x86_64.rpm
MD5: b1d14159738a2ce4b8706cf05faac4b3
SHA-256: f1b2d752a8cfe5052bb21ffa1bf7fac5ebc27f9fa42007e84bab51ba036af78b
Size: 149.04 kB