Login
Newsletter
Werbung
Sicherheit: Zahlenüberlauf in freetype
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in freetype
ID: SSA:2007-109-01
Distribution: Slackware
Plattformen: Slackware -current, Slackware 10.1, Slackware 10.2, Slackware 11.0
Datum: Fr, 20. April 2007, 05:10
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
Applikationen: Freetype

Originalnachricht

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  freetype (SSA:2007-109-01)

New x11 and/or freetype and fontconfig packages are available for Slackware
10.1, 10.2, 11.0, and -current to fix security issues in freetype.  Freetype
was packaged with X11 prior to Slackware version 11.0.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351


Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz:
  Fixed an overflow parsing BDF fonts.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 10.1:
x11-6.8.1-i486-6_slack10.1.tgz
x11-devel-6.8.1-i486-6_slack10.1.tgz
x11-xdmx-6.8.1-i486-6_slack10.1.tgz
x11-xnest-6.8.1-i486-6_slack10.1.tgz
x11-xvfb-6.8.1-i486-6_slack10.1.tgz

Updated packages for Slackware 10.2:
x11-6.8.2-i486-9_slack10.2.tgz
x11-devel-6.8.2-i486-9_slack10.2.tgz
x11-xdmx-6.8.2-i486-9_slack10.2.tgz
x11-xnest-6.8.2-i486-9_slack10.2.tgz
x11-xvfb-6.8.2-i486-9_slack10.2.tgz

Updated packages for Slackware 11.0:
fontconfig-2.4.2-i486-1_slack11.0.tgz
freetype-2.3.4-i486-1_slack11.0.tgz
x11-6.9.0-i486-13_slack11.0.tgz
x11-devel-6.9.0-i486-13_slack11.0.tgz
x11-xdmx-6.9.0-i486-13_slack11.0.tgz
x11-xnest-6.9.0-i486-13_slack11.0.tgz
x11-xvfb-6.9.0-i486-13_slack11.0.tgz

Updated package for Slackware -current:
freetype-2.3.4-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 10.1 packages:
f43963a12395187f84a5a893a9b49b08  x11-6.8.1-i486-6_slack10.1.tgz
d50e827c4b6662dcad766a7bd7a21a65  x11-devel-6.8.1-i486-6_slack10.1.tgz
cef7148c39d423ecab3e2ccccd3adb84  x11-xdmx-6.8.1-i486-6_slack10.1.tgz
f14c00ed7581968f0b1f48090ff3b88e  x11-xnest-6.8.1-i486-6_slack10.1.tgz
578877ff6ce1d31ac4260ef6aeee9782  x11-xvfb-6.8.1-i486-6_slack10.1.tgz

Slackware 10.2 packages:
391c07940d6953297bf5c8f34d3e9d08  x11-6.8.2-i486-9_slack10.2.tgz
964ad494c2b38a2b6691d4146edf38f0  x11-devel-6.8.2-i486-9_slack10.2.tgz
e0abb822a02da4189999ed3ec728cc7f  x11-xdmx-6.8.2-i486-9_slack10.2.tgz
355e7d7b950271c9113c041be6987574  x11-xnest-6.8.2-i486-9_slack10.2.tgz
a19ad4440384fe676fb5ba39d781a0ed  x11-xvfb-6.8.2-i486-9_slack10.2.tgz

Slackware 11.0 packages:
54347dc1526ece8d23c43b4b9fb19ece  fontconfig-2.4.2-i486-1_slack11.0.tgz
db824c40a99a28faa622ffa1dd6c147c  freetype-2.3.4-i486-1_slack11.0.tgz
2364ff264047eb9a7055a7d3ed82ffdc  x11-6.9.0-i486-13_slack11.0.tgz
9e177d82b3d9e48ccfca95ac556771ef  x11-devel-6.9.0-i486-13_slack11.0.tgz
0b42fd71db86207b08987316ed567210  x11-xdmx-6.9.0-i486-13_slack11.0.tgz
3bac6d7d422dc015f7d99db93b61a9ca  x11-xnest-6.9.0-i486-13_slack11.0.tgz
a523bce573612986a59aa39214dffc9d  x11-xvfb-6.9.0-i486-13_slack11.0.tgz

Slackware -current package:
e37bde7696812341354b94fef81e4b91  freetype-2.3.4-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg fontconfig-2.4.2-i486-1_slack11.0.tgz \
  freetype-2.3.4-i486-1_slack11.0.tgz x11-6.9.0-i486-13_slack11.0.tgz \
  x11-devel-6.9.0-i486-13_slack11.0.tgz \
  x11-xdmx-6.9.0-i486-13_slack11.0.tgz \
  x11-xnest-6.9.0-i486-13_slack11.0.tgz \
  x11-xvfb-6.9.0-i486-13_slack11.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGKApDakRjwEAQIjMRAmhcAKCRrxpsy2WJCyLrKSvDpJMEhm2GBgCfWUZh
5Eapvq6lMB4wEoECwwIb22c=
=lxDx
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung