ID

VAR-201008-0315

CVE

CVE-2010-2500

TITLE

FreeType of gray_render_span Integer overflow vulnerability in functions

DESCRIPTION

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. FreeType is prone to multiple remote vulnerabilities, including: Multiple buffer-overflow vulnerabilities A remote code-execution vulnerability Multiple integer-overflow vulnerabilities An attacker can exploit these issues by enticing an unsuspecting victim to open a specially crafted font file. Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions. Versions prior to FreeType 2.4.0 are vulnerable. It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses. Background ========== FreeType is a high-quality and portable font engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/freetype < 2.4.8 >= 2.4.8 Description =========== Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All FreeType users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8" References ========== [ 1 ] CVE-2010-1797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 [ 2 ] CVE-2010-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 [ 3 ] CVE-2010-2498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 [ 4 ] CVE-2010-2499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 [ 5 ] CVE-2010-2500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 [ 6 ] CVE-2010-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 [ 7 ] CVE-2010-2520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 [ 8 ] CVE-2010-2527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 [ 9 ] CVE-2010-2541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 [ 10 ] CVE-2010-2805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 [ 11 ] CVE-2010-2806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 [ 12 ] CVE-2010-2807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 [ 13 ] CVE-2010-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 [ 14 ] CVE-2010-3053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 [ 15 ] CVE-2010-3054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 [ 16 ] CVE-2010-3311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 [ 17 ] CVE-2010-3814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 [ 18 ] CVE-2010-3855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 [ 19 ] CVE-2011-0226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 [ 20 ] CVE-2011-3256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 [ 21 ] CVE-2011-3439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA40586 SA40816 SA45628 SA46575 SA46839 SA48268 SOLUTION: Apply updated packages via the zypper package manager. A heap buffer overflow was discovered in the bytecode support. The bytecode support is NOT enabled per default in Mandriva due to previous patent claims, but packages by PLF is affected (CVE-2010-2520). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520 http://savannah.nongnu.org/bugs/index.php?30082 http://savannah.nongnu.org/bugs/index.php?30083 http://savannah.nongnu.org/bugs/index.php?30106 http://savannah.nongnu.org/bugs/index.php?30248 http://savannah.nongnu.org/bugs/index.php?30249 http://savannah.nongnu.org/bugs/index.php?30263 http://savannah.nongnu.org/bugs/index.php?30306 http://savannah.nongnu.org/bugs/index.php?30361 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: a350e339a4fe6a22f36657cabbe6141a 2008.0/i586/libfreetype6-2.3.5-2.3mdv2008.0.i586.rpm bc9f891fe8d8a8c714d2534e06ad43d4 2008.0/i586/libfreetype6-devel-2.3.5-2.3mdv2008.0.i586.rpm a50784f5664168dc977a3ddcd493086a 2008.0/i586/libfreetype6-static-devel-2.3.5-2.3mdv2008.0.i586.rpm 1d1dbb9f37f74602796924f7ca63dce8 2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5ab49d2b55215d52399a254cf50a1956 2008.0/x86_64/lib64freetype6-2.3.5-2.3mdv2008.0.x86_64.rpm f820a98378b967322135bb10b75327c5 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.3mdv2008.0.x86_64.rpm 61ff08937d8ae39f41a1851b2b042ff3 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.3mdv2008.0.x86_64.rpm 1d1dbb9f37f74602796924f7ca63dce8 2008.0/SRPMS/freetype2-2.3.5-2.3mdv2008.0.src.rpm Mandriva Linux 2009.0: f017f08c4b65d81140aa847e61c234a4 2009.0/i586/libfreetype6-2.3.7-1.2mdv2009.0.i586.rpm e2a712f6d532fa7cede07ff456b1f659 2009.0/i586/libfreetype6-devel-2.3.7-1.2mdv2009.0.i586.rpm b7b0c9acd3e79d7df842a0b8708386d2 2009.0/i586/libfreetype6-static-devel-2.3.7-1.2mdv2009.0.i586.rpm 2a9fe20c41938453790e8554dd7a38b2 2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 06e1c0b0330ea7485f0a1058e3ea410c 2009.0/x86_64/lib64freetype6-2.3.7-1.2mdv2009.0.x86_64.rpm 2e8d45b79ca52ec58b701b058d5042e5 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.2mdv2009.0.x86_64.rpm 73758504e74f747a577ba14f91d1fff6 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdv2009.0.x86_64.rpm 2a9fe20c41938453790e8554dd7a38b2 2009.0/SRPMS/freetype2-2.3.7-1.2mdv2009.0.src.rpm Mandriva Linux 2009.1: df9d47720ebf2d9dcc3574a3b28f1f41 2009.1/i586/libfreetype6-2.3.9-1.3mdv2009.1.i586.rpm 32517c3e3680189ababc2bfb316dcbca 2009.1/i586/libfreetype6-devel-2.3.9-1.3mdv2009.1.i586.rpm 35577f7a2056c88f572f6bd646332b9a 2009.1/i586/libfreetype6-static-devel-2.3.9-1.3mdv2009.1.i586.rpm 2bd93e051bc87216b866f2e342868cda 2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 93d370c19ed7db70983a379745fd26c0 2009.1/x86_64/lib64freetype6-2.3.9-1.3mdv2009.1.x86_64.rpm 7f10623f49b55097ac9eafab3b47b0f4 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.3mdv2009.1.x86_64.rpm 739ba87a09510c56db2efddcf7b025a6 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.3mdv2009.1.x86_64.rpm 2bd93e051bc87216b866f2e342868cda 2009.1/SRPMS/freetype2-2.3.9-1.3mdv2009.1.src.rpm Mandriva Linux 2010.0: 6d902cc9de35aa3be96aedc53e42fbc8 2010.0/i586/libfreetype6-2.3.11-1.1mdv2010.0.i586.rpm 15499b1ad5daf5e8eef7bd02081b2b9a 2010.0/i586/libfreetype6-devel-2.3.11-1.1mdv2010.0.i586.rpm ed079e1c8bba12831544e89f41f61902 2010.0/i586/libfreetype6-static-devel-2.3.11-1.1mdv2010.0.i586.rpm 26c3d66563a661b2d5dd4320006608e8 2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: a74b2d177174752d43977810e821c6c7 2010.0/x86_64/lib64freetype6-2.3.11-1.1mdv2010.0.x86_64.rpm 9c50ecf9f507944ee152f5984a79db8c 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.1mdv2010.0.x86_64.rpm 3522e4b48ea9970bdd6aabfb22aa0edd 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.1mdv2010.0.x86_64.rpm 26c3d66563a661b2d5dd4320006608e8 2010.0/SRPMS/freetype2-2.3.11-1.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 0f19f70a4e6d8c02beab6648c23b8285 2010.1/i586/libfreetype6-2.3.12-1.1mdv2010.1.i586.rpm 5a934ad9a2f448f9329ec6af80333111 2010.1/i586/libfreetype6-devel-2.3.12-1.1mdv2010.1.i586.rpm 241e874e820a0970f98b707b8291c340 2010.1/i586/libfreetype6-static-devel-2.3.12-1.1mdv2010.1.i586.rpm 592e74e5a310612d4e1b8660e94a712b 2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 0771262b102961d7edc94575528d5948 2010.1/x86_64/lib64freetype6-2.3.12-1.1mdv2010.1.x86_64.rpm 01f630dde7c5896f9152e2a1d1ad141d 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.1mdv2010.1.x86_64.rpm 9c8e3745e78491cdfb2a039181de7e86 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.1mdv2010.1.x86_64.rpm 592e74e5a310612d4e1b8660e94a712b 2010.1/SRPMS/freetype2-2.3.12-1.1mdv2010.1.src.rpm Corporate 4.0: b47474a48a5374b118a03dedb32675df corporate/4.0/i586/libfreetype6-2.1.10-9.10.20060mlcs4.i586.rpm ddd413cc050cc9bb5b36339b749f784a corporate/4.0/i586/libfreetype6-devel-2.1.10-9.10.20060mlcs4.i586.rpm 96eccead61eb74c0ca706349f27fd318 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.10.20060mlcs4.i586.rpm 3d08f8107cc7abab6570adb06b985ea2 corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm Corporate 4.0/X86_64: 6b01ebbb7476d3cc2d2a469d4250df63 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.10.20060mlcs4.x86_64.rpm 9ace9cf4dee54ad6a78b126f3ff1cdd6 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.10.20060mlcs4.x86_64.rpm 7a17d135bb1d36852c271fa353e50da0 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.10.20060mlcs4.x86_64.rpm 3d08f8107cc7abab6570adb06b985ea2 corporate/4.0/SRPMS/freetype2-2.1.10-9.10.20060mlcs4.src.rpm Mandriva Enterprise Server 5: ab6b886c00b3956805885f42bb480d19 mes5/i586/libfreetype6-2.3.7-1.2mdvmes5.1.i586.rpm 184fc3238d6f761a727a51582d0ff2ff mes5/i586/libfreetype6-devel-2.3.7-1.2mdvmes5.1.i586.rpm b414bb7c2e78d7606a096bcda6ea2730 mes5/i586/libfreetype6-static-devel-2.3.7-1.2mdvmes5.1.i586.rpm d9fefde1ace3f7127c95fffb678b56bc mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 011bff1c7507d1c5b9039f9c48865f5e mes5/x86_64/lib64freetype6-2.3.7-1.2mdvmes5.1.x86_64.rpm 9a0b94b603f3765dc61590af87016b46 mes5/x86_64/lib64freetype6-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm ef94a826eb1218e9f6d027f50c1abad5 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm d9fefde1ace3f7127c95fffb678b56bc mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMQy2YmqjQ0CJFipgRAltfAJ4x+MQOm7pdWHXtx2uj6129UFUHWwCfcRSu ff6oX1VrH4m/hTnNaqDy5Nw= =XCr9 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: FreeType Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40586 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40586/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40586 RELEASE DATE: 2010-07-14 DISCUSS ADVISORY: http://secunia.com/advisories/40586/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40586/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40586 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to various errors when processing specially crafted font files, which can be exploited to e.g. cause memory corruptions and heap-based buffer overflows by e.g. tricking a user into opening specially crafted fonts in an application using the library. SOLUTION: Update to version 2.4.0. PROVIDED AND/OR DISCOVERED BY: Robert Swiecki ORIGINAL ADVISORY: Robert Swiecki: http://www.swiecki.net/security.html FreeType: http://savannah.nongnu.org/bugs/index.php?30082 http://savannah.nongnu.org/bugs/index.php?30083 http://savannah.nongnu.org/bugs/index.php?30106 http://savannah.nongnu.org/bugs/index.php?30248 http://savannah.nongnu.org/bugs/index.php?30249 http://savannah.nongnu.org/bugs/index.php?30263 http://savannah.nongnu.org/bugs/index.php?30306 http://savannah.nongnu.org/bugs/index.php?30361 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2070-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff July 14, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : freetype Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs. For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny2. For the unstable distribution (sid), these problems have been fixed in version 2.4.0-1. We recommend that you upgrade your freetype packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1 arm architecture (ARM) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkw+GCUACgkQXm3vHE4uylrkywCgy9GpS2XDmy5Y+pj3JOVAwpFs mWwAn1lQsDqPntOyBssbJ901IHmL8FW/ =Y+AX -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-963-1 July 20, 2010 freetype vulnerabilities CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.7 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.3 Ubuntu 9.04: libfreetype6 2.3.9-4ubuntu0.2 Ubuntu 9.10: libfreetype6 2.3.9-5ubuntu0.1 Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.1 After a standard system update you need to restart your session to make all the necessary changes. Details follow: Robert Święcki discovered that FreeType did not correctly handle certain malformed font files. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.7.diff.gz Size/MD5: 66378 53a1e74f47f7370e6cedfd49ef33f82a http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.7.dsc Size/MD5: 719 4f1ab392b150b45f00d7084a2fda2e3f http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_amd64.deb Size/MD5: 717700 ef25a872834db5b57de8cba1b9d198bb http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_amd64.deb Size/MD5: 440434 6f785a8660ca70a43e36157b9d5db23a http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_amd64.deb Size/MD5: 133890 558c68a334e4bb3ebbf9bb2058234d17 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_amd64.udeb Size/MD5: 251848 1cf31177a65df3bb23712a9620937724 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_i386.deb Size/MD5: 677528 9551dffd9a301d368c799a38f7161bb4 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_i386.deb Size/MD5: 415952 5605ecc4398f4e1c5fa8822233b36e9b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_i386.deb Size/MD5: 117280 bb7fd6d1f7eb762cf355d8c34c3da705 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_i386.udeb Size/MD5: 227420 27670bac197089a9588b7167679e7f05 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_powerpc.deb Size/MD5: 708556 09c6d8c9859b29f777e017d4532d7d6b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_powerpc.deb Size/MD5: 430594 56625ca1fa70f5859a8e293a98421547 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_powerpc.deb Size/MD5: 134270 ef77dec93e203f782865a3142d88c180 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_powerpc.udeb Size/MD5: 241644 b140c31ea68f78e54096ad60e1b214d0 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_sparc.deb Size/MD5: 683840 184e946cc8d89d1d169b4047e27c92b0 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_sparc.deb Size/MD5: 411518 a420b09b4f205bf6e55e7aa4782c88fc http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_sparc.deb Size/MD5: 120116 9c8db36770be6466ef897314ea4abc4b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_sparc.udeb Size/MD5: 222590 905398b9656ebc72cc70b7bdca894ab2 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.3.diff.gz Size/MD5: 37126 04fe68272c3a06e116a13e89f1ea4f13 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.3.dsc Size/MD5: 907 b46efc68ee637cb27c2a76d4594b5615 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_amd64.deb Size/MD5: 694110 b35305e27ad2531fd774c19748efde7b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_amd64.deb Size/MD5: 361814 cec5f15ce8a397d8212f764ff7e25f0b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_amd64.deb Size/MD5: 221334 56fd8a5204e014256105d1e7d833f275 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_amd64.udeb Size/MD5: 258230 21b232b84b12f335843504b49d9ff284 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_i386.deb Size/MD5: 663244 3f15ca19cbe6fc05840409958cea65b1 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_i386.deb Size/MD5: 346772 99afdc331b475c43beda28d4459ff4e5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_i386.deb Size/MD5: 201222 d8487d4840b48cc60370daddc3fc61ab http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_i386.udeb Size/MD5: 243290 a9a85de7d9467d99e5fec169bfaa9908 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_lpia.deb Size/MD5: 665008 d19873caab8d82d40d046cf98350fb98 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_lpia.deb Size/MD5: 346972 580b60a5a20371df70d770e5b45d3d67 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_lpia.deb Size/MD5: 205460 dadb0d5ffc952504953c15d41d0a2356 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_lpia.udeb Size/MD5: 244160 d60ef9b4abdb4d345c382c3950075544 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_powerpc.deb Size/MD5: 687172 978bb494ab76f8a150dc9f1886df2873 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_powerpc.deb Size/MD5: 357724 f6c2693b012c775e7f85bea30e7d6ac7 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_powerpc.deb Size/MD5: 235556 7c13b39c41718a3e7e594a08a9c42fd9 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_powerpc.udeb Size/MD5: 254440 80ad8bcba1a39760e217dc91f447aacd sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_sparc.deb Size/MD5: 657974 d1d6d8ab63f4e6624b1c7b69756d02f9 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_sparc.deb Size/MD5: 331648 8b2df436ad35d4c71c90ebfe1ed86c5d http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_sparc.deb Size/MD5: 199746 4da2f86265e6a7714fbe0bde32f22154 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_sparc.udeb Size/MD5: 227682 dcf258655d624daa833a315fa68af6ae Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.2.diff.gz Size/MD5: 39290 799e4e568b9806952f927c4b3a896f87 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.2.dsc Size/MD5: 1311 ea7ece62a87ca6a90244d4a419ac6259 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_amd64.deb Size/MD5: 729182 0db366c000c726419ef46d0d2047adcd http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_amd64.udeb Size/MD5: 272744 96613f4e2ed3cc1217c9ac9ad2e8f8fa http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_amd64.deb Size/MD5: 406484 9580234639381beaf1e1e0ba1707b7e5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_amd64.deb Size/MD5: 226422 89ab56c75fbe22efb8140ca82960ddfd i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_i386.deb Size/MD5: 697534 1cf3d4991a00804ea20d7898cfddd6ca http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_i386.udeb Size/MD5: 257702 f96e5175f5ebfb858718498a5ac62971 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_i386.deb Size/MD5: 391938 509d532cba962f210ee2223d51f7f001 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_i386.deb Size/MD5: 198728 7930d58edf1ab1c3380e102b82ac5170 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_lpia.deb Size/MD5: 698598 a88f33a3010d4b7f8d331dd0346b22d4 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_lpia.udeb Size/MD5: 257644 6aed18309e225f9b1413f5c85696d725 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_lpia.deb Size/MD5: 392384 40c1a93c1b72421ca40f0a7b80f91882 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_lpia.deb Size/MD5: 201552 a9d7be5b254bead82386687714cf778e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_powerpc.deb Size/MD5: 719872 60ff1a115a7254f82b8d80b6c6ef6b74 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_powerpc.udeb Size/MD5: 265648 72e68838b98843ff0515af3b854065f0 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_powerpc.deb Size/MD5: 399740 ce2b8574754fb9a6c08bfdff0f3b8aa4 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_powerpc.deb Size/MD5: 227856 fa508302d46bb73c1b2a13aa11871239 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_sparc.deb Size/MD5: 689132 c3d269891e090d405b2cf7da96e77341 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_sparc.udeb Size/MD5: 238116 7487d5f6c08361212430bca6261ef016 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_sparc.deb Size/MD5: 371970 95d02ed537411018ac66a3a91bc82093 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_sparc.deb Size/MD5: 201374 5c0f80146fd1366e88c75fd427b04f56 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.1.diff.gz Size/MD5: 38847 6694e4319b4b87a7366381ff0f4066ca http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.1.dsc Size/MD5: 1311 4aacd927d22517066aa795b0b4637c57 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_amd64.deb Size/MD5: 730814 04cbd59abf8eb133c93b5052881758c5 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_amd64.udeb Size/MD5: 274918 10491ab571ad8cc4314b53ae3a905809 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_amd64.deb Size/MD5: 408744 d9ed733aef1661ebe41bbc7cbf2c4f82 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_amd64.deb Size/MD5: 230716 be893e6cffe7985b67d8cfa4a52ed99d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_i386.deb Size/MD5: 696776 9d749fe8de579cb210a0da29681ef8f0 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_i386.udeb Size/MD5: 258496 1fdd1a45327b4289e58fae36a93a6de7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_i386.deb Size/MD5: 393238 5a0daf57499a91de25f76ccea6274279 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_i386.deb Size/MD5: 195654 d7f4aafc59c8d61608ff6469356945d3 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_lpia.deb Size/MD5: 699162 446907e7a2853e3e27ad182fc87dd763 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_lpia.udeb Size/MD5: 259118 7d849cb8ef0ecafcacd8805aa5704f21 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_lpia.deb Size/MD5: 393668 9d9b9fcffa4bf4551b7f82a8a817b967 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_lpia.deb Size/MD5: 198448 5a680f80d2ae1815a4ab891cfeab51c9 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_powerpc.deb Size/MD5: 719470 dc2557d025bf350eca70fb9b12e77a72 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_powerpc.udeb Size/MD5: 264240 017ed182ca776de01b1f4a31c28807f3 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_powerpc.deb Size/MD5: 398432 673f831700bd5078dab940620328d16d http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_powerpc.deb Size/MD5: 203786 ad1d3625e2712b5290c1abdcf46c556f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.1_sparc.deb Size/MD5: 690882 474956a99bd530921143a5deaedb922a http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.1_sparc.udeb Size/MD5: 240326 43beb7cf66c7e9473280672381d539b2 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.1_sparc.deb Size/MD5: 374390 636de364e467d9400a8237ef636b5bb4 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.1_sparc.deb Size/MD5: 195772 0152eff0742d67f470d6a7e5d79ba410 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.1.diff.gz Size/MD5: 37792 91c5ee03d36da51a835976e0ff1c688e http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.1.dsc Size/MD5: 1313 34b2898a751164cadbd59572bf0eacc8 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz Size/MD5: 1709600 5aa22c0bc6aa3815b40a309ead2b9d1b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_amd64.deb Size/MD5: 739366 b8e244fef49b2422e180b5fc37d4fc7b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_amd64.udeb Size/MD5: 277296 09c42186549e22f61dedc77f162bade9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_amd64.deb Size/MD5: 434322 e62e542678e479a90938357c14f0a86a http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_amd64.deb Size/MD5: 221370 39c8dcc460781359a5283df0aba0792d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_i386.deb Size/MD5: 704664 64c3751c6f9341a4bd432cccc4d611ae http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_i386.udeb Size/MD5: 260696 636de26225eae8f7c480738545ecaeae http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_i386.deb Size/MD5: 418488 db37df9fc07ace0ef2ded4d9a7a91637 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_i386.deb Size/MD5: 188672 cc48be4e042eb3215c50bec8ed566a91 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_powerpc.deb Size/MD5: 727760 c1f31e0952484cb3a154c30d8efabe2e http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_powerpc.udeb Size/MD5: 266454 89a1057d4e013fae1c7265199a3b6627 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_powerpc.deb Size/MD5: 423818 28a622d650c3c9e0db13a20f1d69acb1 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_powerpc.deb Size/MD5: 196646 44a6cb7e6084c96fb95e36723e187b56 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.1_sparc.deb Size/MD5: 707062 4a3a0b8a2b1a3e3d19a219ebef461380 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.1_sparc.udeb Size/MD5: 250700 e827e5ab700b21f343e44a4da45253b7 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.1_sparc.deb Size/MD5: 407810 423b481bec4b66ec2375c34a6ce4e153 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.1_sparc.deb Size/MD5: 198278 0c059b0b2d188a61c50ea61aeededad8

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Robert Swiecki robert@swiecki.net

SOURCES

LAST UPDATE DATE

2024-11-23T20:18:07.416000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE