Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24241
HistoryJul 16, 2010 - 12:00 a.m.

[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities

2010-07-1600:00:00
vulners.com
14
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2070-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2010 http://www.debian.org/security/faq

Package : freetype
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527

Robert Swiecki discovered several vulnerabilities in the FreeType font
library, which could lead to the execution of arbitrary code if a
malformed font file is processed.

Also, several buffer overflows were found in the included demo programs.

For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny2.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.0-1.

We recommend that you upgrade your freetype packages.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc
Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz
Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb
Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb
Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb
Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb
Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb
Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb
Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb
Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb
Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb
Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb
Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb
Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb
Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb
Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb
Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb
Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb
Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb
Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb
Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb
Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb
Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb
Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb
Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb
Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb
Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb
Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb
Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb
Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb
Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb
Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb
Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkw+GCUACgkQXm3vHE4uylrkywCgy9GpS2XDmy5Y+pj3JOVAwpFs
mWwAn1lQsDqPntOyBssbJ901IHmL8FW/
=Y+AX
-----END PGP SIGNATURE-----

Related

debian 1
openvas 27
nessus 26
n0where 1
ubuntu 1
oraclelinux 2
centos 2
redhat 3
fedora 4
securityvulns 2
gentoo 1
cve 7
veracode 5
prion 7
ubuntucve 7
debiancve 7
suse 1
debian
debian
[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities
2010-07-14 20:04:45
openvas
openvas
FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
2010-09-01 00:00:00
Debian Security Advisory DSA 2070-1 (freetype)
2010-07-22 00:00:00
FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
2010-09-01 00:00:00
nessus
nessus
Debian DSA-2070-1 : freetype - several vulnerabilities
2010-07-15 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)
2010-07-21 00:00:00
Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:137)
2010-07-30 00:00:00
n0where
n0where
General Purpose Fuzzing: Honggfuzz
2015-06-05 15:50:13
ubuntu
ubuntu
FreeType vulnerabilities
2010-07-20 00:00:00
oraclelinux
oraclelinux
freetype security update
2010-07-30 00:00:00
freetype security update
2010-07-30 00:00:00
centos
centos
freetype security update
2010-08-03 00:36:19
freetype security update
2010-08-16 21:19:51
redhat
redhat
(RHSA-2010:0578) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0577) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update
2010-08-19 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
[SECURITY] Fedora 13 Update: freetype-2.3.11-7.fc13
2010-11-21 21:52:29
securityvulns
securityvulns
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
cve
cve
CVE-2010-2527
2010-08-19 18:00:00
CVE-2010-2499
2010-08-19 18:00:00
CVE-2010-2498
2010-08-19 18:00:00
veracode
veracode
Buffer Overflow
2020-04-10 00:49:48
Arbitrary Code Execution
2020-04-10 00:49:49
Denial Of Service (DoS)
2020-04-10 00:49:48
prion
prion
Buffer overflow
2010-08-19 18:00:00
Integer overflow
2010-08-19 18:00:00
Heap overflow
2010-08-19 18:00:00
ubuntucve
ubuntucve
CVE-2010-2527
2010-07-20 00:00:00
CVE-2010-2500
2010-07-20 00:00:00
CVE-2010-2499
2010-07-20 00:00:00
debiancve
debiancve
CVE-2010-2499
2010-08-19 18:00:00
CVE-2010-2520
2010-08-19 18:00:00
CVE-2010-2498
2010-08-19 18:00:00
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18
JSON
Related for SECURITYVULNS:DOC:24241
debian1openvas27nessus26n0where1ubuntu1oraclelinux2centos2redhat3fedora4securityvulns2gentoo1cve7veracode5prion7ubuntucve7debiancve7suse1