freetype security update

Advisory: CESA-2008:0556
Source: CentOS Project (lists.centos.org)
Date: 2008-06-20 15:05:03

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.021 Low (Percentile: 89.1%)

CentOS Errata and Security Advisory CESA-2008:0556

FreeType is a free, high-quality, portable font engine that can open and
manage font files, as well as efficiently load, hint and render individual
glyphs.

Multiple flaws were discovered in FreeType’s Printer Font Binary (PFB)
font-file format parser. If a user loaded a carefully crafted font-file
with a program linked against FreeType, it could cause the application to
crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,
CVE-2008-1808)

Note: the flaw in FreeType’s TrueType Font (TTF) font-file format parser,
covered by CVE-2008-1808, did not affect the freetype packages as shipped
in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF
Byte Code Interpreter (BCI) support.

Users of freetype should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077154.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077155.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077156.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077157.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077158.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077159.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077162.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077163.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077168.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077169.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077186.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077187.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089967.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089968.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089969.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089970.html

Affected packages:
freetype
freetype-demos
freetype-devel
freetype-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0556
