Description
ELSA-2010-0889: freetype security update (IMPORTANT)
[2.3.11-6.el6_0.2]
- Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid runcnt values.)
- Resolves: #651761
[2.3.11-6.el6_0.1]
- Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)
- Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)
- Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)
- Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)
- Resolves: #638838
Updated packages
Oracle Linux 5
Oracle Linux ia64
freetype 2.2.1-28.el5_5.1
freetype-demos 2.2.1-28.el5_5.1
freetype-devel 2.2.1-28.el5_5.1
Oracle Linux x86_64
freetype 2.2.1-28.el5_5.1
freetype-demos 2.2.1-28.el5_5.1
freetype-devel 2.2.1-28.el5_5.1
Oracle Linux i386
freetype 2.2.1-28.el5_5.1
freetype-demos 2.2.1-28.el5_5.1
freetype-devel 2.2.1-28.el5_5.1
Oracle Linux 6
Oracle Linux x86_64
freetype 2.3.11-6.el6_0.2
freetype-demos 2.3.11-6.el6_0.2
freetype-devel 2.3.11-6.el6_0.2
Oracle Linux i686
freetype 2.3.11-6.el6_0.2
freetype-demos 2.3.11-6.el6_0.2
freetype-devel 2.3.11-6.el6_0.2
Source references
Related vulnerabilities
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.