Описание
ELSA-2010-0578: freetype security update (IMPORTANT)
[2.2.1-25]
- Add freetype-2.2.1-axis-name-overflow.patch (Avoid overflow when dealing with names of axes)
- Resolves: #614012
[2.2.1-24]
- Modify freetype-2.2.1-CVE-2010-2519.patch (additional fix) (If the type of the POST fragment is 0, the segment is completely ignored)
- Resolves: #614012
[2.2.1-23]
- Add freetype-2.2.1-CVE-2010-2527.patch (Use precision for '%s' where appropriate to avoid buffer overflows)
- Resolves: #614012
[2.2.1-22]
- Add freetype-2.2.1-CVE-2010-2498.patch (Assure that 'end_point' is not larger than 'glyph->num_points')
- Add freetype-2.2.1-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)
- Add freetype-2.2.1-CVE-2010-2500.patch (Use smaller threshold values for 'width' and 'height')
- Add freetype-2.2.1-CVE-2010-2519.patch (Check 'rlen' the length of fragment declared in the POST fragment header)
- Resolves: #614012
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
freetype
2.2.1-25.el5_5
freetype-demos
2.2.1-25.el5_5
freetype-devel
2.2.1-25.el5_5
Oracle Linux x86_64
freetype
2.2.1-25.el5_5
freetype-demos
2.2.1-25.el5_5
freetype-devel
2.2.1-25.el5_5
Oracle Linux i386
freetype
2.2.1-25.el5_5
freetype-demos
2.2.1-25.el5_5
freetype-devel
2.2.1-25.el5_5
Ссылки на источники
Связанные уязвимости
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in Fre ...