ELSA-2010-0578 - freetype security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2010-07-30

Description



[2.2.1-25]
- Add freetype-2.2.1-axis-name-overflow.patch
(Avoid overflow when dealing with names of axes)
- Resolves: #614012

[2.2.1-24]
- Modify freetype-2.2.1-CVE-2010-2519.patch (additional fix)
(If the type of the POST fragment is 0, the segment is completely ignored)
- Resolves: #614012

[2.2.1-23]
- Add freetype-2.2.1-CVE-2010-2527.patch
(Use precision for '%s' where appropriate to avoid buffer overflows)
- Resolves: #614012

[2.2.1-22]
- Add freetype-2.2.1-CVE-2010-2498.patch
(Assure that 'end_point' is not larger than 'glyph->num_points')
- Add freetype-2.2.1-CVE-2010-2499.patch
(Check the buffer size during gathering PFB fragments)
- Add freetype-2.2.1-CVE-2010-2500.patch
(Use smaller threshold values for 'width' and 'height')
- Add freetype-2.2.1-CVE-2010-2519.patch
(Check 'rlen' the length of fragment declared in the POST fragment header)
- Resolves: #614012


Related CVEs


CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2527
CVE-2010-2541

Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory
Oracle Linux 4 (i386) | freetype-2.1.9-14.el4.8.src.rpm | d674a4d2527df3839ece639dc7537909 | ELSA-2011-1455
Oracle Linux 4 (i386) | freetype-2.1.9-14.el4.8.i386.rpm | 51891f91aff538dd36b3834773f9be42 | ELSA-2011-1455
Oracle Linux 4 (i386) | freetype-demos-2.1.9-14.el4.8.i386.rpm | 2f9db4096b3feb73e19e4114e54ee5a2 | ELSA-2011-1455
Oracle Linux 4 (i386) | freetype-devel-2.1.9-14.el4.8.i386.rpm | d2b5cb7e0257628c1ab2c6a6cc7bcfe6 | ELSA-2011-1455
Oracle Linux 4 (i386) | freetype-utils-2.1.9-14.el4.8.i386.rpm | 2a2f5efeb3715e230729dc71415ee6ef | ELSA-2011-1455
Oracle Linux 4 (ia64) | freetype-2.1.9-14.el4.8.src.rpm | d674a4d2527df3839ece639dc7537909 | ELSA-2011-1455
Oracle Linux 4 (ia64) | freetype-2.1.9-14.el4.8.i386.rpm | 51891f91aff538dd36b3834773f9be42 | ELSA-2011-1455
Oracle Linux 4 (ia64) | freetype-2.1.9-14.el4.8.ia64.rpm | be87610df0608ef05e40e34af8a2c01e | ELSA-2011-1455
Oracle Linux 4 (ia64) | freetype-demos-2.1.9-14.el4.8.ia64.rpm | 33e2d78552925da887805d017ed60c28 | ELSA-2011-1455
Oracle Linux 4 (ia64) | freetype-devel-2.1.9-14.el4.8.ia64.rpm | f5adaea3c06a21df8b29331234017a26 | ELSA-2011-1455
Oracle Linux 4 (ia64) | freetype-utils-2.1.9-14.el4.8.ia64.rpm | b22bb31fccbd88701fbafda3b30fea68 | ELSA-2011-1455
Oracle Linux 4 (x86_64) | freetype-2.1.9-14.el4.8.src.rpm | d674a4d2527df3839ece639dc7537909 | ELSA-2011-1455
Oracle Linux 4 (x86_64) | freetype-2.1.9-14.el4.8.i386.rpm | 51891f91aff538dd36b3834773f9be42 | ELSA-2011-1455
Oracle Linux 4 (x86_64) | freetype-2.1.9-14.el4.8.x86_64.rpm | 56297a4a2ee7cd0225dd8bbb8a41dc1a | ELSA-2011-1455
Oracle Linux 4 (x86_64) | freetype-demos-2.1.9-14.el4.8.x86_64.rpm | f936a2fe1fbacf43045e5050b5905de2 | ELSA-2011-1455
Oracle Linux 4 (x86_64) | freetype-devel-2.1.9-14.el4.8.x86_64.rpm | 60c6e9d81ab8a1729306da2a36c6ffbe | ELSA-2011-1455
Oracle Linux 4 (x86_64) | freetype-utils-2.1.9-14.el4.8.x86_64.rpm | b6b1aafffd0b61b174a99bd6187e97e0 | ELSA-2011-1455
Oracle Linux 5 (i386) | freetype-2.2.1-25.el5_5.src.rpm | 76da7428e1d7759895ea4a91512e32ce | ELSA-2013-0216
Oracle Linux 5 (i386) | freetype-2.2.1-25.el5_5.i386.rpm | 497b26710bd6a0fae8dbfd053d1a90b3 | ELSA-2013-0216
Oracle Linux 5 (i386) | freetype-demos-2.2.1-25.el5_5.i386.rpm | faa7d79a6b13a99ef11ad0ab198f5cdb | ELSA-2013-0216
Oracle Linux 5 (i386) | freetype-devel-2.2.1-25.el5_5.i386.rpm | 093e507f64e08edcb779f12ae59005f1 | ELSA-2013-0216
Oracle Linux 5 (ia64) | freetype-2.2.1-25.el5_5.src.rpm | 76da7428e1d7759895ea4a91512e32ce | ELSA-2013-0216
Oracle Linux 5 (ia64) | freetype-2.2.1-25.el5_5.i386.rpm | 497b26710bd6a0fae8dbfd053d1a90b3 | ELSA-2013-0216
Oracle Linux 5 (ia64) | freetype-2.2.1-25.el5_5.ia64.rpm | e44076bbcea039d798d0878151a18238 | ELSA-2013-0216
Oracle Linux 5 (ia64) | freetype-demos-2.2.1-25.el5_5.ia64.rpm | 08ad711d45d33041b93635dbd390692b | ELSA-2013-0216
Oracle Linux 5 (ia64) | freetype-devel-2.2.1-25.el5_5.ia64.rpm | 713a7824285f16232c8144c0eb8e9dd4 | ELSA-2013-0216
Oracle Linux 5 (x86_64) | freetype-2.2.1-25.el5_5.src.rpm | 76da7428e1d7759895ea4a91512e32ce | ELSA-2013-0216
Oracle Linux 5 (x86_64) | freetype-2.2.1-25.el5_5.i386.rpm | 497b26710bd6a0fae8dbfd053d1a90b3 | ELSA-2013-0216
Oracle Linux 5 (x86_64) | freetype-2.2.1-25.el5_5.x86_64.rpm | 447eeb6ebd9a8a10f3426c689ad640b9 | ELSA-2013-0216
Oracle Linux 5 (x86_64) | freetype-demos-2.2.1-25.el5_5.x86_64.rpm | 813df8fa5c8ffb642c461fcf10f7571d | ELSA-2013-0216
Oracle Linux 5 (x86_64) | freetype-devel-2.2.1-25.el5_5.i386.rpm | 093e507f64e08edcb779f12ae59005f1 | ELSA-2013-0216
Oracle Linux 5 (x86_64) | freetype-devel-2.2.1-25.el5_5.x86_64.rpm | 49313507af70d1fd13c6321deb104ce3 | ELSA-2013-0216



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.