Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in freetype2
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in freetype2
ID: MDKSA-2006:129
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0
Datum: Do, 20. Juli 2006, 16:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
Applikationen: Freetype

Originalnachricht

This is a multi-part message in MIME format...

------------=_1153407030-9299-242


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:129
http://www.mandriva.com/security/
_______________________________________________________________________

Package : freetype2
Date : July 20, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

An additional overflow, similar to those corrected by patches for
CVE-2006-1861 was found in libfreetype. If a user loads a carefully
crafted font file with a program linked against FreeType, it could cause
the application to crash or execute arbitrary code as the user.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
58610d57ba81e18fd281de0723377d15
2006.0/RPMS/libfreetype6-2.1.10-9.4.20060mdk.i586.rpm
acc57dee23d472c2dd67a7dfd4f31178
2006.0/RPMS/libfreetype6-devel-2.1.10-9.4.20060mdk.i586.rpm
0cb439096b7c68f7b087494f460733ef
2006.0/RPMS/libfreetype6-static-devel-2.1.10-9.4.20060mdk.i586.rpm
21644362815c06ab64672919b74d4482
2006.0/SRPMS/freetype2-2.1.10-9.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
bc9d61266c643afb4c621b69fe773d1f
x86_64/2006.0/RPMS/lib64freetype6-2.1.10-9.4.20060mdk.x86_64.rpm
7b2e091d9d451c0ca78bc1a30ca65abe
x86_64/2006.0/RPMS/lib64freetype6-devel-2.1.10-9.4.20060mdk.x86_64.rpm
98930009ac9bc59a90045801db3e9884
x86_64/2006.0/RPMS/lib64freetype6-static-devel-2.1.10-9.4.20060mdk.x86_64.rpm
58610d57ba81e18fd281de0723377d15
x86_64/2006.0/RPMS/libfreetype6-2.1.10-9.4.20060mdk.i586.rpm
acc57dee23d472c2dd67a7dfd4f31178
x86_64/2006.0/RPMS/libfreetype6-devel-2.1.10-9.4.20060mdk.i586.rpm
0cb439096b7c68f7b087494f460733ef
x86_64/2006.0/RPMS/libfreetype6-static-devel-2.1.10-9.4.20060mdk.i586.rpm
21644362815c06ab64672919b74d4482
x86_64/2006.0/SRPMS/freetype2-2.1.10-9.4.20060mdk.src.rpm

Corporate 3.0:
a178787bfed2fb14fa946da97a617cc3
corporate/3.0/RPMS/libfreetype6-2.1.7-4.3.C30mdk.i586.rpm
1635f5556cadc0cac6d069face4456a2
corporate/3.0/RPMS/libfreetype6-devel-2.1.7-4.3.C30mdk.i586.rpm
445a95dba634a31197305bc82a87879d
corporate/3.0/RPMS/libfreetype6-static-devel-2.1.7-4.3.C30mdk.i586.rpm
aae2d49840b8ceed17dd373ecaf1edc3
corporate/3.0/SRPMS/freetype2-2.1.7-4.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
8a7688a1f8ab362b8994cf15babb6a26
x86_64/corporate/3.0/RPMS/lib64freetype6-2.1.7-4.3.C30mdk.x86_64.rpm
0590279a78710bf68de62333f594ec83
x86_64/corporate/3.0/RPMS/lib64freetype6-devel-2.1.7-4.3.C30mdk.x86_64.rpm
42fedd6e54d1f483e5f8655b7e1607b2
x86_64/corporate/3.0/RPMS/lib64freetype6-static-devel-2.1.7-4.3.C30mdk.x86_64.rpm
a178787bfed2fb14fa946da97a617cc3
x86_64/corporate/3.0/RPMS/libfreetype6-2.1.7-4.3.C30mdk.i586.rpm
aae2d49840b8ceed17dd373ecaf1edc3
x86_64/corporate/3.0/SRPMS/freetype2-2.1.7-4.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
1a19681d0cbdcf910097685bd6ea4f49
mnf/2.0/RPMS/libfreetype6-2.1.7-4.3.M20mdk.i586.rpm
e8d868b0dfc94e945d096896b8b9e0ec
mnf/2.0/SRPMS/freetype2-2.1.7-4.3.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEv2f7mqjQ0CJFipgRAh4KAJ9Zh4S5ATdPwUBE4P8eTH4qvIoA4wCfWT5p
1068arET28g/esaIHIzlrP4=
=Zo9b
-----END PGP SIGNATURE-----


------------=_1153407030-9299-242
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1153407030-9299-242--
Pro-Linux
Frohe Ostern
Neue Nachrichten
Werbung