Posted: Tue Jun 01, 2010 4:26 pm Post subject: [ GLSA 201006-01 ] FreeType 1: User-assisted execution of ar
Gentoo Linux Security Advisory
Title: FreeType 1: User-assisted execution of arbitrary code (GLSA 201006-01)
Date: June 01, 2010
Multiple vulnerabilities in FreeType might result in the remote execution
of arbitrary code.
FreeType is a TrueType font rendering library.
Vulnerable: < 1.4_pre20080316-r2
Unaffected: >= 1.4_pre20080316-r2
Architectures: All supported architectures
Multiple issues found in FreeType 2 were also discovered in FreeType 1.
For details on these issues, please review the Gentoo Linux Security
Advisories and CVE identifiers referenced below.
A remote attacker could entice a user to open a specially crafted TTF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running FreeType.
There is no known workaround at this time.
All FreeType 1 users should upgrade to an unaffected version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-1.4_pre20080316-r2"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since May 27, 2009. It is likely that your system is already
no longer affected by this issue.
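
To check a list of installed package versions against the "Vulnerable: < 1.4_pre20080316-r2" range above, the following added example (not part of the advisory and not Portage's own code) compares Gentoo-style version strings. It is a simplified comparison that assumes dotted integers without leading zeros, at most one `_alpha`/`_beta`/`_pre`/`_rc`/`_p` suffix and an optional `-rN` revision; the function names and the sample list are constructed for illustration.

```python
import re

# Simplified Gentoo version ordering (assumption: not the full Portage rules).
# Suffix order: _alpha < _beta < _pre < _rc < (no suffix) < _p
_SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$"
)
PACKAGE = "media-libs/freetype"   # package atom from the advisory
FIXED = "1.4_pre20080316-r2"      # first unaffected version, from the advisory


def parse(version):
    """Turn a version string into a tuple that sorts in Gentoo order."""
    m = _VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    nums, suffix, suffix_num, rev = m.groups()
    return (
        tuple(int(n) for n in nums.split(".")),
        _SUFFIX_RANK[suffix],
        int(suffix_num or 0),
        int(rev or 0),   # a missing revision counts as -r0
    )


def is_vulnerable(installed, fixed=FIXED):
    """True if the installed version is strictly below the fixed version."""
    return parse(installed) < parse(fixed)


def affected(installed_cpvs):
    """Filter category/package-version strings down to the affected ones."""
    prefix = PACKAGE + "-"
    return [cpv for cpv in installed_cpvs
            if cpv.startswith(prefix) and is_vulnerable(cpv[len(prefix):])]


# Constructed sample inventory, not taken from a real system.
SAMPLE = [
    "media-libs/freetype-1.3.1-r4",
    "media-libs/freetype-1.4_pre20080316-r1",
    "media-libs/freetype-1.4_pre20080316-r2",
    "media-libs/freetype-2.3.12",
    "media-libs/libpng-1.2.40",
]

if __name__ == "__main__":
    for cpv in affected(SAMPLE):
        print("affected:", cpv)
```

FreeType 2 versions of the same package compare as higher than the fixed version, so this check does not flag them; they are covered by their own advisories.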