CESA-2010:0889: freetype security update
Source: CentOS Project (lists.centos.org)
Published: 2010-11-16 17:01:38

CVSS2 base score: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

EPSS score: 0.174 (Low), percentile 96.0%

CentOS Errata and Security Advisory CESA-2010:0889

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

A heap-based buffer overflow flaw was found in the way the FreeType font
rendering engine processed certain TrueType GX fonts. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-3855)

Note: This issue only affects the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.
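Two practical checks follow from the advisory text. Because the fix ships as a backported patch, the upstream FreeType version reported by the package or by `freetype-config --version` does not change, so the reliable signal that a host is fixed is the CVE ID in the rpm changelog. And because a running process keeps the old copy of a shared library mapped until it is restarted (the reason the advisory requires an X server restart, and it applies equally to any other long-running process linked against libfreetype), the second check lists processes whose `/proc/<pid>/maps` still references a libfreetype file that rpm replaced on disk, which the kernel marks `(deleted)`. The script below is an added example, not part of the CentOS advisory or of the freetype packages; the function names are mine, and the changelog and maps samples it ships with are constructed, not taken from a real host.

```shell
#!/bin/sh
# Added example for CESA-2010:0889 (not part of the CentOS advisory).
# Two checks a practitioner runs after "yum update freetype":
#   1. the backported fix is recorded in the rpm changelog (the upstream
#      version string does not change for a backport), and
#   2. no process still maps the old library, i.e. the file rpm replaced on
#      disk, which the kernel shows as "(deleted)" in /proc/<pid>/maps.
#      This is why the advisory requires an X server restart; it applies to
#      any other long-running process linked against libfreetype as well.

# Read a changelog on stdin; exit 0 iff it mentions the given CVE ID.
changelog_has_cve() {
    cve="$1"
    if grep -q -- "$cve"; then
        echo "fixed: $cve is listed in the package changelog"
        return 0
    fi
    echo "NOT FIXED: $cve is not in the package changelog"
    return 1
}

# Read "<pid> <maps line>" records on stdin; print each pid (once) that still
# maps a libfreetype file which has been replaced on disk.
stale_freetype_pids() {
    awk '/libfreetype\.so.*\(deleted\)/ { print $1 }' | sort -un
}

# Constructed sample data (not from a real host), used by demo().
SAMPLE_CHANGELOG_FIXED='* Tue Nov 16 2010 Example Maintainer <maint@example.com>
- Fix CVE-2010-3855 (heap overflow parsing TrueType GX fonts)'
SAMPLE_CHANGELOG_OLD='* Mon Jan 04 2010 Example Maintainer <maint@example.com>
- Rebuild'
SAMPLE_MAPS='1234 7f0000000000-7f0000100000 r-xp 00000000 08:01 123 /usr/lib64/libfreetype.so.6.3.10 (deleted)
1234 7f0000200000-7f0000300000 r-xp 00000000 08:01 456 /lib64/libc.so.6
5678 7f0000400000-7f0000500000 r-xp 00000000 08:01 789 /usr/lib64/libfreetype.so.6.3.10'

# Run both checks over the constructed samples: the first changelog is fixed,
# the second is not, and only pid 1234 still maps a replaced libfreetype.
demo() {
    printf '%s\n' "$SAMPLE_CHANGELOG_FIXED" | changelog_has_cve CVE-2010-3855
    printf '%s\n' "$SAMPLE_CHANGELOG_OLD"   | changelog_has_cve CVE-2010-3855 || true
    echo "pids still mapping a replaced libfreetype (restart these):"
    printf '%s\n' "$SAMPLE_MAPS" | stale_freetype_pids
}

# Live run on a CentOS host (run as root so every /proc/*/maps is readable):
#   sh check_cesa_2010_0889.sh --live
if [ "${1:-}" = "--live" ]; then
    rpm -q --changelog freetype | changelog_has_cve CVE-2010-3855
    echo "pids still mapping a replaced libfreetype (restart these):"
    for p in /proc/[0-9]*; do
        sed "s|^|${p#/proc/} |" "$p/maps" 2>/dev/null
    done | stale_freetype_pids
else
    demo
fi
```

The changelog check deliberately matches the CVE ID rather than a version string; comparing against a fixed NVR is fragile across the RHEL 4, 5 and 6 builds this advisory covers, whereas the ID is what the package changelog records for a backport. The maps check will also flag processes such as a display manager or a long-lived GTK application, not only the X server, so the "restart these" list is the complete set of what must be bounced for the update to be effective.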

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-November/079339.html
https://lists.centos.org/pipermail/centos-announce/2010-November/079340.html
https://lists.centos.org/pipermail/centos-announce/2010-November/079345.html
https://lists.centos.org/pipermail/centos-announce/2010-November/079346.html

Affected packages:
freetype
freetype-demos
freetype-devel
freetype-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0889
