==========================================================================
Ubuntu Security Notice USN-1403-1
March 23, 2012

freetype vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.
Software Description:
- freetype: FreeType 2 is a font engine library
Details:
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1128)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type42 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1129)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed PCF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1131)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1132)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1133)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1134)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1135)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1136)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1137)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1138)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1139)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1140)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1141)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Windows FNT/FON font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1142)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1143)
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1144)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libfreetype6 2.4.4-2ubuntu1.2
Ubuntu 11.04: libfreetype6 2.4.4-1ubuntu2.3
Ubuntu 10.10: libfreetype6 2.4.2-2ubuntu0.4
Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.6
Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.9
After a standard system update you need to restart your session to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1403-1
CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,
CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,
CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,
CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,
CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.4.4-2ubuntu1.2
https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.3
https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.4
https://launchpad.net/ubuntu/+source/freetype/2.3.11-1ubuntu2.6
https://launchpad.net/ubuntu/+source/freetype/2.3.5-1ubuntu4.8.04.9