Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in freetype2
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in freetype2
ID: MDVSA-2011:120
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.1
Datum: Mi, 27. Juli 2011, 12:43
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226
Applikationen: Freetype

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1311756490-2472-48

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:120
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : July 26, 2011
 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in freetype2:
 
 Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6,
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 Type 1 font in a PDF document, as exploited in the wild in July 2011
 (CVE-2011-0226).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 654e1ee51b4cf3ce803cb76d82c00de1 
 2009.0/i586/libfreetype6-2.3.7-1.7mdv2009.0.i586.rpm
 2b8396aa1b98c80f729557388f436dd1 
 2009.0/i586/libfreetype6-devel-2.3.7-1.7mdv2009.0.i586.rpm
 d64795aca4f5e5f71b2dd4fadceca802 
 2009.0/i586/libfreetype6-static-devel-2.3.7-1.7mdv2009.0.i586.rpm 
 a5d5543fc77acafb129be6471f99d3ef 
 2009.0/SRPMS/freetype2-2.3.7-1.7mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 94a0c919640a7f3596562e6d50a670c4 
 2009.0/x86_64/lib64freetype6-2.3.7-1.7mdv2009.0.x86_64.rpm
 bbc155ec9d5fff53707bccf0a193d8a1 
 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.7mdv2009.0.x86_64.rpm
 e86323068b350a8d2dbedc7f0c57be3c 
 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.7mdv2009.0.x86_64.rpm 
 a5d5543fc77acafb129be6471f99d3ef 
 2009.0/SRPMS/freetype2-2.3.7-1.7mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 dac6da5b5d8ef3fd19075b2d01792076 
 2010.1/i586/libfreetype6-2.3.12-1.6mdv2010.2.i586.rpm
 126c1476e7276cc24637af2187a0e3c5 
 2010.1/i586/libfreetype6-devel-2.3.12-1.6mdv2010.2.i586.rpm
 ade7ba5bacaec0b7210a551e0ba59acf 
 2010.1/i586/libfreetype6-static-devel-2.3.12-1.6mdv2010.2.i586.rpm 
 b5ecd21280fcbb3d2a51916191a9bc5a 
 2010.1/SRPMS/freetype2-2.3.12-1.6mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 e72e2bde4313a068a4ca3737f7864912 
 2010.1/x86_64/lib64freetype6-2.3.12-1.6mdv2010.2.x86_64.rpm
 8df3ffd25d1472ff33db92e6a632cfab 
 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.6mdv2010.2.x86_64.rpm
 8366679651112b9aa478d0804366b09e 
 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.6mdv2010.2.x86_64.rpm 
 b5ecd21280fcbb3d2a51916191a9bc5a 
 2010.1/SRPMS/freetype2-2.3.12-1.6mdv2010.2.src.rpm

 Corporate 4.0:
 af596115027fcb710ca1195a62225901 
 corporate/4.0/i586/libfreetype6-2.1.10-9.15.20060mlcs4.i586.rpm
 10eff208220245753af10d1d80fa2cb8 
 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.15.20060mlcs4.i586.rpm
 865656cb01577b054895bc4542a495eb 
 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.15.20060mlcs4.i586.rpm 
 22318e9e96669c98132986458778d3bc 
 corporate/4.0/SRPMS/freetype2-2.1.10-9.15.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3e8aa6b93eefa16f03b5fbde0a67b719 
 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.15.20060mlcs4.x86_64.rpm
 edec00255fe1ad370c9f9e2f70368180 
 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.15.20060mlcs4.x86_64.rpm
 b0ebac32d771c80ff30c6e8f06221126 
 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.15.20060mlcs4.x86_64.rpm 
 22318e9e96669c98132986458778d3bc 
 corporate/4.0/SRPMS/freetype2-2.1.10-9.15.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 02b47687da918f6cc824c1dcba7fe038 
 mes5/i586/libfreetype6-2.3.7-1.7mdvmes5.2.i586.rpm
 4fdf12af5de34bf1b7fbb8fc346a4e78 
 mes5/i586/libfreetype6-devel-2.3.7-1.7mdvmes5.2.i586.rpm
 815fc7bbac060d668379988165f634af 
 mes5/i586/libfreetype6-static-devel-2.3.7-1.7mdvmes5.2.i586.rpm 
 9aa96b74efacc75c68e826d6e770eb89 
 mes5/SRPMS/freetype2-2.3.7-1.7mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 3cc6638a94ced9ef5cf1464356f42fec 
 mes5/x86_64/lib64freetype6-2.3.7-1.7mdvmes5.2.x86_64.rpm
 80f4a2dbda54a036b4ec7cb94ea9bc93 
 mes5/x86_64/lib64freetype6-devel-2.3.7-1.7mdvmes5.2.x86_64.rpm
 f93be214c7a6c95b27daf96759336675 
 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.7mdvmes5.2.x86_64.rpm 
 9aa96b74efacc75c68e826d6e770eb89 
 mes5/SRPMS/freetype2-2.3.7-1.7mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFOLqXvmqjQ0CJFipgRAmCmAJkBTmcXeNHhIpj8+/KRcDdWIA42qQCcCvpx
rQTpLJCJG0AKuJJtVo/I5ms=
=jxso
-----END PGP SIGNATURE-----


------------=_1311756490-2472-48
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1311756490-2472-48--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung