Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecurityNotifies] [SECURITY] [DSA-2116-1] New freetype packages integer overflow

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecurityNotifies] [SECURITY] [DSA-2116-1] New freetype packages integer overflow


Chronologisch Thread 
  • From: Stefan Fritsch <sf AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecurityNotifies] [SECURITY] [DSA-2116-1] New freetype packages integer overflow
  • Date: Mon, 04 Oct 2010 21:03:33 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <sf AT chopin.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 4 Oct 2010 21:03:44 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <9mlyp5KkSEJ.A.y9B.wEkqMB@liszt>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2116-1 security AT debian.org
http://www.debian.org/security/ Stefan Fritsch
October 4, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : freetype
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3311

Marc Schoenefeld has found an input stream position error in the
way the FreeType font rendering engine processed input file streams.
If a user loaded a specially-crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or, possibly execute arbitrary code.

After the upgrade, all running applications and services that use
libfreetype6 should be restarted. In most cases, logging out and
in again should be enough. The script checkrestart from the
debian-goodies package or lsof may help to find out which
processes are still using the old version of libfreetype6.

For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny4.

The testing distribution (squeeze) and the unstable distribution (sid)
are not affected by this problem.

We recommend that you upgrade your freetype packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

Source archives:


http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.dsc
Size/MD5 checksum: 1211 e8eb7bb3966d14fc5b66857a7300e6b2

http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8

http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.diff.gz
Size/MD5 checksum: 39401 d1d5bb90167dec40ba9c7d994ccefeef

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_alpha.deb
Size/MD5 checksum: 253790 be62a4d4ef74375620fd1ba0e4748ca2

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_alpha.udeb
Size/MD5 checksum: 296640 3fc9c9db1b1f31fea8c072f1600a0cc3

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_alpha.deb
Size/MD5 checksum: 412358 cec01c79c128cd15812695a0b0874506

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_alpha.deb
Size/MD5 checksum: 775326 410bc831483dccfc0a6c18de7e71cba9

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_amd64.deb
Size/MD5 checksum: 223156 d92fce04f6d6eb160f3a69a6170094fe

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_amd64.deb
Size/MD5 checksum: 713268 1328888db2fe01093eb46b1d136b393e

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_amd64.deb
Size/MD5 checksum: 385884 3b31b35c1268c5fe9e7d9c2f88721c4c

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_amd64.udeb
Size/MD5 checksum: 269788 8c8b189b990973dea4dc649a3ee1f375

arm architecture (ARM)


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_arm.deb
Size/MD5 checksum: 357226 e30d0721701c76d97d834f972cb6e6f4

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_arm.deb
Size/MD5 checksum: 686184 002d550193037299794065785dbbe415

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_arm.deb
Size/MD5 checksum: 205108 871c6d806eca839ffae94a99bcfb57ae

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_arm.udeb
Size/MD5 checksum: 242208 4d86dc1a4ab0c534a16e99deebc1fc74

armel architecture (ARM EABI)


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_armel.udeb
Size/MD5 checksum: 236558 e01e2ed47b976afb2f2cf076d774dc22

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_armel.deb
Size/MD5 checksum: 212146 b91df649946fd0fec0ec5e2af160605e

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_armel.deb
Size/MD5 checksum: 683786 7f107b637d992d5985b119509d9e22dd

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_armel.deb
Size/MD5 checksum: 353416 6cf178afdf3a4834811e9e468dbf4c5f

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_hppa.udeb
Size/MD5 checksum: 273970 c7b3ba59505abbbc513b05aa6344d2f8

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_hppa.deb
Size/MD5 checksum: 226860 4f784b27a1bdc448ef773e745ae57c8a

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_hppa.deb
Size/MD5 checksum: 725000 b2be1195d0d730de3b0212882beb5ab8

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_hppa.deb
Size/MD5 checksum: 390482 9bedead1c79c9ab100235a35cb8292fd

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_i386.udeb
Size/MD5 checksum: 254446 0711a5a4840a60609eab1600f30059cc

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_i386.deb
Size/MD5 checksum: 371210 0c0ec7ed3c5431522854a63a2472c086

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_i386.deb
Size/MD5 checksum: 198090 45eebe4364c5e521ac11a81930adb4ac

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_i386.deb
Size/MD5 checksum: 685642 61507372e1025b8541a8c40df5d79223

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_ia64.deb
Size/MD5 checksum: 332158 07f8c38bd1b9f9f0978e979c9dc41f58

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_ia64.deb
Size/MD5 checksum: 531594 1ba8db18cff071df85cdd6395041803b

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_ia64.deb
Size/MD5 checksum: 876664 edfe5969841a9ac149880160e4721bc4

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_ia64.udeb
Size/MD5 checksum: 415940 a97a09ae4359e987a1f307ccd75011a1

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mips.deb
Size/MD5 checksum: 713372 060d1f519ca44e9f2929c6cc497f5f32

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mips.deb
Size/MD5 checksum: 215354 9422bf4b37031064897f240e6a16e4bd

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mips.udeb
Size/MD5 checksum: 253938 240a257d6ab5e675a8d7df4ca73d741c

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mips.deb
Size/MD5 checksum: 371116 f2f555ec73c128068561881dba4180ac

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mipsel.deb
Size/MD5 checksum: 712500 50aaf715f150fc91713a48c8b56fc050

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mipsel.deb
Size/MD5 checksum: 369826 34836bde5ab656b14aab11ac2ba377d8

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mipsel.deb
Size/MD5 checksum: 214786 47342e0e3cf8557cf03957bc3f38ccf1

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mipsel.udeb
Size/MD5 checksum: 254202 9a9268e23a621915d184707265333d86

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_powerpc.udeb
Size/MD5 checksum: 262836 1d44f167d8f5ab27294a52ffebe6b24a

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_powerpc.deb
Size/MD5 checksum: 233042 36bc26f025938280a60c057eee8b4d93

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_powerpc.deb
Size/MD5 checksum: 708572 c4f579af34066f88cf439d7b1afb06b5

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_powerpc.deb
Size/MD5 checksum: 380014 4309a48f707cfc5a441ba51057ac9ce2

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_s390.udeb
Size/MD5 checksum: 268250 fbd854913af557572f94b970c1ee2987

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_s390.deb
Size/MD5 checksum: 225934 7805a7ead0b6d2f9d7d5fd5fab380c62

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_s390.deb
Size/MD5 checksum: 701510 a06b2eb1f6394beb9d914e3f3a4d54e4

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_s390.deb
Size/MD5 checksum: 384504 0daf1dc1ae9b76b788d14f9ef3190071

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_sparc.deb
Size/MD5 checksum: 200090 e60c90c32352f007aa5b7802bbb80fef

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_sparc.deb
Size/MD5 checksum: 676516 98868c5cef925d1fbd114c15de7496e8

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_sparc.udeb
Size/MD5 checksum: 235422 c5fe1c8052ea0b30e73ace12b69116d0

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_sparc.deb
Size/MD5 checksum: 352580 295ebded2e16cfd43dad6a1fb91b31a8


These files will probably be moved into the stable distribution on
its next update.

-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce AT lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFMqkDMbxelr8HyTqQRApVJAKCDYKJ4tC1LyqB8DkEQljZR6m04ZwCfdRCo
GLkEe4NAF79Hx3b0dh6FOcA=
=4lhT
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1P2sC5-0002W4-7h AT chopin.debian.org">http://lists.debian.org/E1P2sC5-0002W4-7h AT chopin.debian.org




  • [IT-SecurityNotifies] [SECURITY] [DSA-2116-1] New freetype packages integer overflow, Stefan Fritsch, 04.10.2010

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang