[Updated 25th June 2008]

The original packages for Scientific Linux 3 and 4 distributed with this
errata had a bug which prevented the freetype library from loading certain
font files correctly. We have updated the packages to correct this bug.

SL 3.0.x

SRPMS:
freetype-2.1.4-10.el3.src.rpm
i386:
freetype-2.1.4-10.el3.i386.rpm
freetype-demos-2.1.4-10.el3.i386.rpm
freetype-devel-2.1.4-10.el3.i386.rpm
freetype-utils-2.1.4-10.el3.i386.rpm
x86_64:
freetype-2.1.4-10.el3.i386.rpm
freetype-2.1.4-10.el3.x86_64.rpm
freetype-demos-2.1.4-10.el3.x86_64.rpm
freetype-devel-2.1.4-10.el3.x86_64.rpm
freetype-utils-2.1.4-10.el3.x86_64.rpm

SL 4.x

SRPMS:
freetype-2.1.9-8.el4.6.src.rpm
i386:
freetype-2.1.9-8.el4.6.i386.rpm
freetype-demos-2.1.9-8.el4.6.i386.rpm
freetype-devel-2.1.9-8.el4.6.i386.rpm
freetype-utils-2.1.9-8.el4.6.i386.rpm
x86_64:
freetype-2.1.9-8.el4.6.i386.rpm
freetype-2.1.9-8.el4.6.x86_64.rpm
freetype-demos-2.1.9-8.el4.6.x86_64.rpm
freetype-devel-2.1.9-8.el4.6.x86_64.rpm
freetype-utils-2.1.9-8.el4.6.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis: Important: freetype security update
> Issue date: 2008-06-20
> CVE Names: CVE-2008-1806 CVE-2008-1807 CVE-2008-1808
>
> Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and
> TrueType Font (TTF) font-file format parsers. If a user loaded a carefully
> crafted font-file with a program linked against FreeType, it could cause
> the application to crash, or possibly execute arbitrary code.
> (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)
>
> Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,
> covered by CVE-2008-1808, did not affect the freetype packages as shipped
> in Scientific Linux 3, 4, and 5, as they are not compiled with TTF
> Byte Code Interpreter (BCI) support.
>
>
> SL 3.0.x
>
> SRPMS:
> freetype-2.1.4-8.el3.src.rpm
> i386:
> freetype-2.1.4-8.el3.i386.rpm
> freetype-demos-2.1.4-8.el3.i386.rpm
> freetype-devel-2.1.4-8.el3.i386.rpm
> freetype-utils-2.1.4-8.el3.i386.rpm
> x86_64:
> freetype-2.1.4-8.el3.i386.rpm
> freetype-2.1.4-8.el3.x86_64.rpm
> freetype-demos-2.1.4-8.el3.x86_64.rpm
> freetype-devel-2.1.4-8.el3.x86_64.rpm
> freetype-utils-2.1.4-8.el3.x86_64.rpm
>
> SL 4.x
>
> SRPMS:
> freetype-2.1.9-7.el4.6.src.rpm
> i386:
> freetype-2.1.9-7.el4.6.i386.rpm
> freetype-demos-2.1.9-7.el4.6.i386.rpm
> freetype-devel-2.1.9-7.el4.6.i386.rpm
> freetype-utils-2.1.9-7.el4.6.i386.rpm
> x86_64:
> freetype-2.1.9-7.el4.6.i386.rpm
> freetype-2.1.9-7.el4.6.x86_64.rpm
> freetype-demos-2.1.9-7.el4.6.x86_64.rpm
> freetype-devel-2.1.9-7.el4.6.x86_64.rpm
> freetype-utils-2.1.9-7.el4.6.x86_64.rpm
>
> SL 5.x
>
> SRPMS:
> freetype-2.2.1-20.el5_2.src.rpm
> i386:
> freetype-2.2.1-20.el5_2.i386.rpm
> freetype-demos-2.2.1-20.el5_2.i386.rpm
> freetype-devel-2.2.1-20.el5_2.i386.rpm
> x86_64:
> freetype-2.2.1-20.el5_2.i386.rpm
> freetype-2.2.1-20.el5_2.x86_64.rpm
> freetype-demos-2.2.1-20.el5_2.x86_64.rpm
> freetype-devel-2.2.1-20.el5_2.i386.rpm
> freetype-devel-2.2.1-20.el5_2.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>
>

--
__________________________________________________
Troy Dawson  (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________