Advisories (MDKSA-2006:099 ): freetype2

[aru]

Mandriva Advisories MDKSA-2006:099 : freetype2

 

Updated freetype2 packages fixes multiple vulnerabilities.

June 12th, 2006

 

Integer underflow in Freetype before 2.2 allows remote attackers to cause

 

a denial of service (crash) via a font file with an odd number of blue

 

values, which causes the underflow when decrementing by 2 in a context

 

that assumes an even number of values. (CVE-2006-0747)

 

 

 

Multiple integer overflows in FreeType before 2.2 allow remote attackers to

 

cause a denial of service (crash) and possibly execute arbitrary code via

 

attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c,

 

(3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file

 

in base/ftmac.c. (CVE-2006-1861)

 

 

 

Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial

 

of service (crash) via a crafted font file that triggers a null dereference.

 

(CVE-2006-2661)

 

 

 

In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious

 

bug in ttkern.c that caused some programs to go into an infinite loop when

 

dealing with fonts that don't have a properly sorted kerning sub-table.

 

This patch is not applicable to the earlier Mandriva releases.

 

 

 

Packages have been patched to correct this issue.

 

 

The released versions of Mandriva GNU/Linux affected are:

• CS3.0
  
• MNF2.0
  
• 10.2
  
• 2006.0
  

Full information about this advisory, including the updated packages, is available at:

www.mandriva.com/security/advisories?name=MDKSA-2006:099

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)