Joined: 12 May 2004
|Posted: Tue Jun 01, 2010 4:26 pm Post subject: [ GLSA 201006-01 ] FreeType 1: User-assisted execution of ar
|Gentoo Linux Security Advisory
Title: FreeType 1: User-assisted execution of arbitrary code (GLSA 201006-01)
Date: June 01, 2010
Multiple vulnerabilities in FreeType might result in the remote execution
of arbitrary code.
FreeType is a True Type Font rendering library.
Vulnerable: < 1.4_pre20080316-r2
Unaffected: >= 1.4_pre20080316-r2
Architectures: All supported architectures
Multiple issues found in FreeType 2 were also discovered in FreeType 1.
For details on these issues, please review the Gentoo Linux Security
Advisories and CVE identifiers referenced below.
A remote attacker could entice a user to open a specially crafted TTF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running FreeType.
There is no known workaround at this time.
All FreeType 1 users should upgrade to an unaffected version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-1.4_pre20080316-r2"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since May 27, 2009. It is likely that your system is already
no longer affected by this issue.
Last edited by GLSA on Mon Jun 10, 2013 4:31 am; edited 1 time in total