Ubuntu

FreeType security fixes in 2.4.2

Reported by Martin Bretschneider on 2010-08-12
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
freetype (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
Undecided
Unassigned
Jaunty
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned

Bug Description

Binary package hint: libfreetype6

Hi,

there have been important security fixes in freetype 2.4.1 and 2.4.2. See the reports on http://www.freetype.org/index2.html#release-freetype-2.4.2, http://www.h-online.com/open/news/item/Critical-hole-closed-in-Foxit-Reader-1053040.htmland http://www.kb.cert.org/vuls/id/275247

In Debian Unstable they have already uploaded an updated package: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592399

Marc Deslauriers (mdeslaur) wrote :

freetype 2.4.2 is now in maverick.

visibility: private → public
Changed in freetype (Ubuntu Maverick):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freetype - 2.3.11-1ubuntu2.2

---------------
freetype (2.3.11-1ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in CFF Type2 CharStrings interpreter (LP: #617019)
    - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
      in src/cff/cffgload.c.
    - CVE-2010-1797
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in the ftmulti demo program (LP: #617019)
    - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
      sizes in src/ftmulti.c.
    - CVE-2010-2541
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
      src/base/ftstream.c.
    - CVE-2010-2805
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
      src/type42/t42parse.c.
    - CVE-2010-2806
  * SECURITY UPDATE: possible arbitrary code execution via improper type
    comparisons (LP: #617019)
    - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
      checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
    - CVE-2010-2807
  * SECURITY UPDATE: possible arbitrary code execution via memory
    corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
    - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
      src/base/ftobjs.c.
    - CVE-2010-2808
  * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
    - debian/patches-freetype/bug30135.patch: don't modify value in static
      string in src/bdf/bdflib.c.
 -- Marc Deslauriers <email address hidden> Fri, 13 Aug 2010 08:26:33 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freetype - 2.3.9-5ubuntu0.2

---------------
freetype (2.3.9-5ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in CFF Type2 CharStrings interpreter (LP: #617019)
    - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
      in src/cff/cffgload.c.
    - CVE-2010-1797
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in the ftmulti demo program (LP: #617019)
    - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
      sizes in src/ftmulti.c.
    - CVE-2010-2541
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
      src/base/ftstream.c.
    - CVE-2010-2805
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
      src/type42/t42parse.c.
    - CVE-2010-2806
  * SECURITY UPDATE: possible arbitrary code execution via improper type
    comparisons (LP: #617019)
    - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
      checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
    - CVE-2010-2807
  * SECURITY UPDATE: possible arbitrary code execution via memory
    corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
    - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
      src/base/ftobjs.c.
    - CVE-2010-2808
  * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
    - debian/patches-freetype/bug30135.patch: don't modify value in static
      string in src/bdf/bdflib.c.
  * SECURITY UPDATE: denial of service via nested "seac" calls
    - debian/patches-freetype/nested-seac.patch: handle nested calls
      correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
      src/cff/cffgload.h, src/psaux/t1decode.c.
 -- Marc Deslauriers <email address hidden> Fri, 13 Aug 2010 10:05:35 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freetype - 2.3.9-4ubuntu0.3

---------------
freetype (2.3.9-4ubuntu0.3) jaunty-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in CFF Type2 CharStrings interpreter (LP: #617019)
    - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
      in src/cff/cffgload.c.
    - CVE-2010-1797
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in the ftmulti demo program (LP: #617019)
    - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
      sizes in src/ftmulti.c.
    - CVE-2010-2541
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
      src/base/ftstream.c.
    - CVE-2010-2805
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
      src/type42/t42parse.c.
    - CVE-2010-2806
  * SECURITY UPDATE: possible arbitrary code execution via improper type
    comparisons (LP: #617019)
    - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
      checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
    - CVE-2010-2807
  * SECURITY UPDATE: possible arbitrary code execution via memory
    corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
    - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
      src/base/ftobjs.c.
    - CVE-2010-2808
  * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
    - debian/patches-freetype/bug30135.patch: don't modify value in static
      string in src/bdf/bdflib.c.
  * SECURITY UPDATE: denial of service via nested "seac" calls
    - debian/patches-freetype/nested-seac.patch: handle nested calls
      correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
      src/cff/cffgload.h, src/psaux/t1decode.c.
 -- Marc Deslauriers <email address hidden> Fri, 13 Aug 2010 10:23:02 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freetype - 2.3.5-1ubuntu4.8.04.4

---------------
freetype (2.3.5-1ubuntu4.8.04.4) hardy-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in CFF Type2 CharStrings interpreter (LP: #617019)
    - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
      in src/cff/cffgload.c.
    - CVE-2010-1797
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in the ftmulti demo program (LP: #617019)
    - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
      sizes in src/ftmulti.c.
    - CVE-2010-2541
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
      src/base/ftstream.c.
    - CVE-2010-2805
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
      src/type42/t42parse.c.
    - CVE-2010-2806
  * SECURITY UPDATE: possible arbitrary code execution via improper type
    comparisons (LP: #617019)
    - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
      checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
    - CVE-2010-2807
  * SECURITY UPDATE: possible arbitrary code execution via memory
    corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
    - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
      src/base/ftobjs.c.
    - CVE-2010-2808
  * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
    - debian/patches-freetype/bug30135.patch: don't modify value in static
      string in src/bdf/bdflib.c.
 -- Marc Deslauriers <email address hidden> Fri, 13 Aug 2010 10:35:08 -0400

Changed in freetype (Ubuntu Hardy):
status: New → Fix Released
Changed in freetype (Ubuntu Jaunty):
status: New → Fix Released
Changed in freetype (Ubuntu Karmic):
status: New → Fix Released
Changed in freetype (Ubuntu Lucid):
status: New → Fix Released
Changed in freetype (Ubuntu Dapper):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers