Date: Mon, 23 Jun 2008 14:18:34 -0500
Synopsis: Important: freetype security update
Issue date: 2008-06-20
CVE Names: CVE-2008-1806 CVE-2008-1807 CVE-2008-1808
Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and
TrueType Font (TTF) font-file format parsers. If a user loaded a carefully
crafted font-file with a program linked against FreeType, it could cause
the application to crash, or possibly execute arbitrary code.
(CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)
Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,
covered by CVE-2008-1808, did not affect the freetype packages as shipped
in Scientific Linux 3, 4, and 5, as they are not compiled with TTF
Byte Code Interpreter (BCI) support.
SL 3.0.x
SRPMS:
freetype-2.1.4-8.el3.src.rpm
i386:
freetype-2.1.4-8.el3.i386.rpm
freetype-demos-2.1.4-8.el3.i386.rpm
freetype-devel-2.1.4-8.el3.i386.rpm
freetype-utils-2.1.4-8.el3.i386.rpm
x86_64:
freetype-2.1.4-8.el3.i386.rpm
freetype-2.1.4-8.el3.x86_64.rpm
freetype-demos-2.1.4-8.el3.x86_64.rpm
freetype-devel-2.1.4-8.el3.x86_64.rpm
freetype-utils-2.1.4-8.el3.x86_64.rpm
SL 4.x
SRPMS:
freetype-2.1.9-7.el4.6.src.rpm
i386:
freetype-2.1.9-7.el4.6.i386.rpm
freetype-demos-2.1.9-7.el4.6.i386.rpm
freetype-devel-2.1.9-7.el4.6.i386.rpm
freetype-utils-2.1.9-7.el4.6.i386.rpm
x86_64:
freetype-2.1.9-7.el4.6.i386.rpm
freetype-2.1.9-7.el4.6.x86_64.rpm
freetype-demos-2.1.9-7.el4.6.x86_64.rpm
freetype-devel-2.1.9-7.el4.6.x86_64.rpm
freetype-utils-2.1.9-7.el4.6.x86_64.rpm
SL 5.x
SRPMS:
freetype-2.2.1-20.el5_2.src.rpm
i386:
freetype-2.2.1-20.el5_2.i386.rpm
freetype-demos-2.2.1-20.el5_2.i386.rpm
freetype-devel-2.2.1-20.el5_2.i386.rpm
x86_64:
freetype-2.2.1-20.el5_2.i386.rpm
freetype-2.2.1-20.el5_2.x86_64.rpm
freetype-demos-2.2.1-20.el5_2.x86_64.rpm
freetype-devel-2.2.1-20.el5_2.i386.rpm
freetype-devel-2.2.1-20.el5_2.x86_64.rpm
-Connie Sieh
-Troy Dawson
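
The following check is an added example, not part of the original advisory: it compares installed freetype packages against the fixed version-release listed above for each Scientific Linux release. It assumes input lines in the form produced by `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n'`; the function names and the sample lines are constructed for illustration, and the comparison is a simplified form of RPM's segment ordering that ignores epochs and `~`/`^` markers.

```python
import re

# Fixed freetype version and release per SL major release, taken from the advisory.
FIXED = {
    "el3": ("2.1.4", "8.el3"),
    "el4": ("2.1.9", "7.el4.6"),
    "el5": ("2.2.1", "20.el5_2"),
}

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric segments compare as integers (10 > 8)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(query_lines):
    """Return (package, version-release, status) for each 'NAME VERSION RELEASE' line."""
    results = []
    for line in query_lines:
        name, version, release = line.split()
        dist = re.search(r"el\d+", release)  # dist tag selects the SL release
        fixed = FIXED.get(dist.group(0)) if dist else None
        if fixed is None:
            status = "unknown-release"
        else:
            order = rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])
            status = "patched" if order >= 0 else "needs-update"
        results.append((name, f"{version}-{release}", status))
    return results

# Constructed sample input, not taken from a real host.
SAMPLE = [
    "freetype 2.1.4 10.el3",
    "freetype 2.1.9 7.el4.6",
    "freetype-devel 2.2.1 19.el5",
    "freetype 2.3.5 1.fc9",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```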