Synopsis: Important: freetype security update Issue date: 2009-05-22 CVE Names: CVE-2006-1861 CVE-2007-2754 CVE-2008-1808 CVE-2009-0946 Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueTypeŽ Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The X server must be restarted (log out, then log back in) for this update to take effect. SL 3.0.x SRPMS: freetype-2.1.4-12.el3.src.rpm i386: freetype-2.1.4-12.el3.i386.rpm freetype-demos-2.1.4-12.el3.i386.rpm freetype-devel-2.1.4-12.el3.i386.rpm freetype-utils-2.1.4-12.el3.i386.rpm x86_64: freetype-2.1.4-12.el3.i386.rpm freetype-2.1.4-12.el3.x86_64.rpm freetype-demos-2.1.4-12.el3.x86_64.rpm freetype-devel-2.1.4-12.el3.x86_64.rpm freetype-utils-2.1.4-12.el3.x86_64.rpm SL 4.x SRPMS: freetype-2.1.9-10.el4.7.src.rpm i386: freetype-2.1.9-10.el4.7.i386.rpm freetype-demos-2.1.9-10.el4.7.i386.rpm freetype-devel-2.1.9-10.el4.7.i386.rpm freetype-utils-2.1.9-10.el4.7.i386.rpm x86_64: freetype-2.1.9-10.el4.7.i386.rpm freetype-demos-2.1.9-10.el4.7.i386.rpm freetype-devel-2.1.9-10.el4.7.i386.rpm freetype-utils-2.1.9-10.el4.7.i386.rpm SL 5.x SRPMS: freetype-2.2.1-21.el5_3.src.rpm i386: freetype-2.2.1-21.el5_3.i386.rpm freetype-demos-2.2.1-21.el5_3.i386.rpm freetype-devel-2.2.1-21.el5_3.i386.rpm x86_64: freetype-2.2.1-21.el5_3.i386.rpm freetype-2.2.1-21.el5_3.x86_64.rpm freetype-demos-2.2.1-21.el5_3.x86_64.rpm freetype-devel-2.2.1-21.el5_3.i386.rpm freetype-devel-2.2.1-21.el5_3.x86_64.rpm -Connie Sieh -Troy Dawson