GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Jan 23, 2012 8:26 pm Post subject: [ GLSA 201201-09 ] FreeType: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: FreeType: Multiple vulnerabilities (GLSA 201201-09)
Severity: normal
Exploitable: remote
Date: January 23, 2012
Bug(s): #332701, #342121, #345843, #377143, #387535, #390623
ID: 201201-09
Synopsis
Multiple vulnerabilities have been found in FreeType, allowing
remote attackers to possibly execute arbitrary code or cause a Denial of
Service.
Background
FreeType is a high-quality and portable font engine.
Affected Packages
Package: media-libs/freetype
Vulnerable: < 2.4.8
Unaffected: >= 2.4.8
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in FreeType. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted font,
possibly resulting in the remote execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All FreeType users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
|
References
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 ]
CVE-2010-1797
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 ]
CVE-2010-2497
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 ]
CVE-2010-2498
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 ]
CVE-2010-2499
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 ]
CVE-2010-2500
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 ]
CVE-2010-2519
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 ]
CVE-2010-2520
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 ]
CVE-2010-2527
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 ]
CVE-2010-2541
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 ]
CVE-2010-2805
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 ]
CVE-2010-2806
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 ]
CVE-2010-2807
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 ]
CVE-2010-2808
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 ]
CVE-2010-3053
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 ]
CVE-2010-3054
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 ]
CVE-2010-3311
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 ]
CVE-2010-3814
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 ]
CVE-2010-3855
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 ]
CVE-2011-0226
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 ]
CVE-2011-3256
[/url]
[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439 ]
CVE-2011-3439
[/url] |
|