Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201204-04 ] FreeType: Multiple vulnerabilities
Date: Tue, 17 Apr 2012 23:18:03
Message-Id: 4F8DF896.3040700@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201204-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: FreeType: Multiple vulnerabilities
     Date: April 17, 2012
     Bugs: #407257
       ID: 201204-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in FreeType, allowing remote
attackers to possibly execute arbitrary code or cause Denial of
Service.

Background
==========

FreeType is a high-quality and portable font engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype           < 2.4.9                    >= 2.4.9

Description
===========

Multiple vulnerabilities have been discovered in FreeType. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted font,
possibly resulting in execution of arbitrary code with the privileges
of the user running the application, or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.9"

References
==========

[  1 ] CVE-2012-1126
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1126
[  2 ] CVE-2012-1127
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1127
[  3 ] CVE-2012-1128
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1128
[  4 ] CVE-2012-1129
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1129
[  5 ] CVE-2012-1130
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1130
[  6 ] CVE-2012-1131
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1131
[  7 ] CVE-2012-1132
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1132
[  8 ] CVE-2012-1133
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1133
[  9 ] CVE-2012-1134
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1134
[ 10 ] CVE-2012-1135
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1135
[ 11 ] CVE-2012-1136
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1136
[ 12 ] CVE-2012-1137
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1137
[ 13 ] CVE-2012-1138
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1138
[ 14 ] CVE-2012-1139
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1139
[ 15 ] CVE-2012-1140
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1140
[ 16 ] CVE-2012-1141
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1141
[ 17 ] CVE-2012-1142
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1142
[ 18 ] CVE-2012-1143
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1143
[ 19 ] CVE-2012-1144
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1144

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201204-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
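
Added example (not part of the advisory or of Gentoo's tooling): a POSIX shell check that applies the "Affected packages" threshold (< 2.4.9 affected, >= 2.4.9 unaffected) to the versions recorded in Portage's installed-package database, to confirm the Resolution step took effect. The function names are hypothetical; it assumes the database is at /var/db/pkg and that versions are dotted numbers with optional Gentoo suffixes.

```shell
#!/bin/sh
# Added example, not part of GLSA 201204-04. Function names are hypothetical.
PKG="media-libs/freetype"
FIXED="2.4.9"   # first unaffected version, from the advisory's table

# ver_lt A B: succeeds if dotted-numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # equal
}

# is_vulnerable VERSION: 0 = affected, 1 = unaffected, 2 = not parseable.
is_vulnerable() {
    v=${1%-r[0-9]*}     # drop a Gentoo revision such as -r1
    base=${v%%_*}       # numeric part before any _suffix
    case $base in ''|*[!0-9.]*) return 2 ;; esac
    ver_lt "$base" "$FIXED" && return 0
    # A pre-release of the fixed version (e.g. 2.4.9_rc1) sorts before it.
    if ! ver_lt "$FIXED" "$base"; then
        case $v in *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;; esac
    fi
    return 1
}

# scan_installed [VDB]: report every installed freetype version found in
# Portage's installed-package database (assumed default: /var/db/pkg).
scan_installed() {
    vdb=${1:-/var/db/pkg} rc=0
    for d in "$vdb/$PKG"-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/freetype-}
        is_vulnerable "$ver" && st=0 || st=$?
        case $st in
            0) echo "AFFECTED   $PKG-$ver (upgrade to >= $FIXED)"; rc=1 ;;
            1) echo "unaffected $PKG-$ver" ;;
            *) echo "UNKNOWN    $PKG-$ver (compare by hand)"; rc=1 ;;
        esac
    done
    return "$rc"
}

scan_installed "$@"
```

A non-zero exit status means at least one installed version is affected or could not be parsed; applications that were already running keep the old library mapped until they are restarted.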
