GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Jun 01, 2010 4:26 pm Post subject: [ GLSA 201006-01 ] FreeType 1: User-assisted execution of ar |
|
|
Gentoo Linux Security Advisory
Title: FreeType 1: User-assisted execution of arbitrary code (GLSA 201006-01)
Severity: normal
Exploitable: remote
Date: June 01, 2010
Bug(s): #271234
ID: 201006-01
Synopsis
Multiple vulnerabilities in FreeType might result in the remote execution
of arbitrary code.
Background
FreeType is a True Type Font rendering library.
Affected Packages
Package: media-libs/freetype
Vulnerable: < 1.4_pre20080316-r2
Unaffected: >= 1.4_pre20080316-r2
Architectures: All supported architectures
Description
Multiple issues found in FreeType 2 were also discovered in FreeType 1.
For details on these issues, please review the Gentoo Linux Security
Advisories and CVE identifiers referenced below.
Impact
A remote attacker could entice a user to open a specially crafted TTF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running FreeType.
Workaround
There is no known workaround at this time.
Resolution
All FreeType 1 users should upgrade to an unaffected version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-1.4_pre20080316-r2" |
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since May 27, 2009. It is likely that your system is already
no longer affected by this issue.
References
CVE-2006-1861
CVE-2007-2754
GLSA 200607-02
GLSA 200705-22
Last edited by GLSA on Mon Jun 10, 2013 4:31 am; edited 1 time in total |
|