Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2013-0216

Опубликовано: 31 янв. 2013
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2013-0216: freetype security update (IMPORTANT)

[2.3.11-14.el6_3.1]

  • Fix CVE-2012-5669 (Use correct array size for checking 'glyph_enc')
  • Resolves: #903542

[2.3.11-14]

  • A little change in configure part
  • Related: #723468

[2.3.11-13]

  • Fix CVE-2012-{1126, 1127, 1130, 1131, 1132, 1134, 1136, 1137, 1139, 1140, 1141, 1142, 1143, 1144}
  • Properly initialize array 'result' in FT_Outline_Get_Orientation()
  • Check bytes per row for overflow in _bdf_parse_glyphs()
  • Resolves: #806269

[2.3.11-12]

  • Add freetype-2.3.11-CVE-2011-3439.patch (Various loading fixes.)
  • Resolves: #754012

[2.3.11-11]

  • Add freetype-2.3.11-CVE-2011-3256.patch (Handle some border cases.)
  • Resolves: #747084

[2.3.11-10]

  • Use -fno-strict-aliasing instead of attribute((may_alias))
  • Resolves: #723468

[2.3.11-9]

  • Allow FT_Glyph to alias (to pass Rpmdiff)
  • Resolves: #723468

[2.3.11-8]

  • Add freetype-2.3.11-CVE-2011-0226.patch (Add better argument check for 'callothersubr'.)
    • based on patches by Werner Lemberg, Alexei Podtelezhnikov and Matthias Drochner
  • Resolves: #723468

[2.3.11-7]

  • Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid 'runcnt' values.)
  • Resolves: #651762

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

freetype

2.2.1-32.el5_9.1

freetype-demos

2.2.1-32.el5_9.1

freetype-devel

2.2.1-32.el5_9.1

Oracle Linux x86_64

freetype

2.2.1-32.el5_9.1

freetype-demos

2.2.1-32.el5_9.1

freetype-devel

2.2.1-32.el5_9.1

Oracle Linux i386

freetype

2.2.1-32.el5_9.1

freetype-demos

2.2.1-32.el5_9.1

freetype-devel

2.2.1-32.el5_9.1

Oracle Linux 6

Oracle Linux x86_64

freetype

2.3.11-14.el6_3.1

freetype-demos

2.3.11-14.el6_3.1

freetype-devel

2.3.11-14.el6_3.1

Oracle Linux i686

freetype

2.3.11-14.el6_3.1

freetype-demos

2.3.11-14.el6_3.1

freetype-devel

2.3.11-14.el6_3.1

Связанные CVE

CVE-2012-5669

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2012-5669

ubuntu
больше 12 лет назад

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.

redhat логотип

CVE-2012-5669

redhat
больше 12 лет назад

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.

nvd логотип

CVE-2012-5669

nvd
больше 12 лет назад

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.

debian логотип

CVE-2012-5669

debian
больше 12 лет назад

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows contex ...

github логотип

GHSA-p2x3-xp3h-v29x

github
больше 3 лет назад

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.