Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-2116-1:F1C4F
HistoryOct 04, 2010 - 9:03 p.m.

[SECURITY] [DSA-2116-1] New freetype packages integer overflow

2010-10-0421:03:33
lists.debian.org
6

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Debian Security Advisory DSA-2116-1 [email protected]
http://www.debian.org/security/ Stefan Fritsch
October 4, 2010 http://www.debian.org/security/faq

Package : freetype
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3311

Marc Schoenefeld has found an input stream position error in the
way the FreeType font rendering engine processed input file streams.
If a user loaded a specially-crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or, possibly execute arbitrary code.

After the upgrade, all running applications and services that use
libfreetype6 should be restarted. In most cases, logging out and
in again should be enough. The script checkrestart from the
debian-goodies package or lsof may help to find out which
processes are still using the old version of libfreetype6.

For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny4.

The testing distribution (squeeze) and the unstable distribution (sid)
are not affected by this problem.

We recommend that you upgrade your freetype packages.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.dsc
Size/MD5 checksum: 1211 e8eb7bb3966d14fc5b66857a7300e6b2
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.diff.gz
Size/MD5 checksum: 39401 d1d5bb90167dec40ba9c7d994ccefeef

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_alpha.deb
Size/MD5 checksum: 253790 be62a4d4ef74375620fd1ba0e4748ca2
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_alpha.udeb
Size/MD5 checksum: 296640 3fc9c9db1b1f31fea8c072f1600a0cc3
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_alpha.deb
Size/MD5 checksum: 412358 cec01c79c128cd15812695a0b0874506
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_alpha.deb
Size/MD5 checksum: 775326 410bc831483dccfc0a6c18de7e71cba9

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_amd64.deb
Size/MD5 checksum: 223156 d92fce04f6d6eb160f3a69a6170094fe
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_amd64.deb
Size/MD5 checksum: 713268 1328888db2fe01093eb46b1d136b393e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_amd64.deb
Size/MD5 checksum: 385884 3b31b35c1268c5fe9e7d9c2f88721c4c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_amd64.udeb
Size/MD5 checksum: 269788 8c8b189b990973dea4dc649a3ee1f375

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_arm.deb
Size/MD5 checksum: 357226 e30d0721701c76d97d834f972cb6e6f4
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_arm.deb
Size/MD5 checksum: 686184 002d550193037299794065785dbbe415
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_arm.deb
Size/MD5 checksum: 205108 871c6d806eca839ffae94a99bcfb57ae
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_arm.udeb
Size/MD5 checksum: 242208 4d86dc1a4ab0c534a16e99deebc1fc74

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_armel.udeb
Size/MD5 checksum: 236558 e01e2ed47b976afb2f2cf076d774dc22
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_armel.deb
Size/MD5 checksum: 212146 b91df649946fd0fec0ec5e2af160605e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_armel.deb
Size/MD5 checksum: 683786 7f107b637d992d5985b119509d9e22dd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_armel.deb
Size/MD5 checksum: 353416 6cf178afdf3a4834811e9e468dbf4c5f

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_hppa.udeb
Size/MD5 checksum: 273970 c7b3ba59505abbbc513b05aa6344d2f8
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_hppa.deb
Size/MD5 checksum: 226860 4f784b27a1bdc448ef773e745ae57c8a
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_hppa.deb
Size/MD5 checksum: 725000 b2be1195d0d730de3b0212882beb5ab8
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_hppa.deb
Size/MD5 checksum: 390482 9bedead1c79c9ab100235a35cb8292fd

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_i386.udeb
Size/MD5 checksum: 254446 0711a5a4840a60609eab1600f30059cc
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_i386.deb
Size/MD5 checksum: 371210 0c0ec7ed3c5431522854a63a2472c086
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_i386.deb
Size/MD5 checksum: 198090 45eebe4364c5e521ac11a81930adb4ac
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_i386.deb
Size/MD5 checksum: 685642 61507372e1025b8541a8c40df5d79223

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_ia64.deb
Size/MD5 checksum: 332158 07f8c38bd1b9f9f0978e979c9dc41f58
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_ia64.deb
Size/MD5 checksum: 531594 1ba8db18cff071df85cdd6395041803b
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_ia64.deb
Size/MD5 checksum: 876664 edfe5969841a9ac149880160e4721bc4
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_ia64.udeb
Size/MD5 checksum: 415940 a97a09ae4359e987a1f307ccd75011a1

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mips.deb
Size/MD5 checksum: 713372 060d1f519ca44e9f2929c6cc497f5f32
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mips.deb
Size/MD5 checksum: 215354 9422bf4b37031064897f240e6a16e4bd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mips.udeb
Size/MD5 checksum: 253938 240a257d6ab5e675a8d7df4ca73d741c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mips.deb
Size/MD5 checksum: 371116 f2f555ec73c128068561881dba4180ac

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mipsel.deb
Size/MD5 checksum: 712500 50aaf715f150fc91713a48c8b56fc050
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mipsel.deb
Size/MD5 checksum: 369826 34836bde5ab656b14aab11ac2ba377d8
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mipsel.deb
Size/MD5 checksum: 214786 47342e0e3cf8557cf03957bc3f38ccf1
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mipsel.udeb
Size/MD5 checksum: 254202 9a9268e23a621915d184707265333d86

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_powerpc.udeb
Size/MD5 checksum: 262836 1d44f167d8f5ab27294a52ffebe6b24a
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_powerpc.deb
Size/MD5 checksum: 233042 36bc26f025938280a60c057eee8b4d93
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_powerpc.deb
Size/MD5 checksum: 708572 c4f579af34066f88cf439d7b1afb06b5
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_powerpc.deb
Size/MD5 checksum: 380014 4309a48f707cfc5a441ba51057ac9ce2

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_s390.udeb
Size/MD5 checksum: 268250 fbd854913af557572f94b970c1ee2987
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_s390.deb
Size/MD5 checksum: 225934 7805a7ead0b6d2f9d7d5fd5fab380c62
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_s390.deb
Size/MD5 checksum: 701510 a06b2eb1f6394beb9d914e3f3a4d54e4
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_s390.deb
Size/MD5 checksum: 384504 0daf1dc1ae9b76b788d14f9ef3190071

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_sparc.deb
Size/MD5 checksum: 200090 e60c90c32352f007aa5b7802bbb80fef
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_sparc.deb
Size/MD5 checksum: 676516 98868c5cef925d1fbd114c15de7496e8
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_sparc.udeb
Size/MD5 checksum: 235422 c5fe1c8052ea0b30e73ace12b69116d0
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_sparc.deb
Size/MD5 checksum: 352580 295ebded2e16cfd43dad6a1fb91b31a8

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian5mipsfreetype2-demos< 2.3.7-2+lenny4freetype2-demos_2.3.7-2+lenny4_mips.deb
Debian5mipslibfreetype6-udeb< 2.3.7-2+lenny4libfreetype6-udeb_2.3.7-2+lenny4_mips.deb
Debian5alphalibfreetype6-dev< 2.3.7-2+lenny4libfreetype6-dev_2.3.7-2+lenny4_alpha.deb
Debian5ia64libfreetype6< 2.3.7-2+lenny4libfreetype6_2.3.7-2+lenny4_ia64.deb
Debian5armfreetype2-demos< 2.3.7-2+lenny4freetype2-demos_2.3.7-2+lenny4_arm.deb
Debian5i386freetype2-demos< 2.3.7-2+lenny4freetype2-demos_2.3.7-2+lenny4_i386.deb
Debian5armlibfreetype6< 2.3.7-2+lenny4libfreetype6_2.3.7-2+lenny4_arm.deb
Debian5mipslibfreetype6< 2.3.7-2+lenny4libfreetype6_2.3.7-2+lenny4_mips.deb
Debian5amd64freetype2-demos< 2.3.7-2+lenny4freetype2-demos_2.3.7-2+lenny4_amd64.deb
Debian5powerpclibfreetype6-dev< 2.3.7-2+lenny4libfreetype6-dev_2.3.7-2+lenny4_powerpc.deb
Rows per page:
1-10 of 491

Related

fedora 5
openvas 28
veracode 1
securityvulns 2
nessus 24
debian 1
prion 1
debiancve 1
ubuntucve 1
cve 1
redhat 3
centos 2
oraclelinux 3
ubuntu 1
gentoo 1
suse 1
fedora
fedora
[SECURITY] Fedora 14 Update: freetype-2.4.2-3.fc14
2010-10-13 12:47:51
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
openvas
openvas
Fedora Update for freetype FEDORA-2010-15878
2010-12-02 00:00:00
Fedora Update for freetype FEDORA-2010-15878
2010-12-02 00:00:00
Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)
2010-10-19 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:48:58
securityvulns
securityvulns
[SECURITY] [DSA-2116-1] New freetype packages integer overflow
2010-10-06 00:00:00
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
nessus
nessus
Fedora 14 : freetype-2.4.2-3.fc14 (2010-15878)
2010-10-14 00:00:00
Debian DSA-2116-1 : freetype - integer overflow
2010-10-06 00:00:00
Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:201)
2010-10-14 00:00:00
debian
debian
[SECURITY] [DSA-2116-1] New freetype packages integer overflow
2010-10-04 21:03:33
prion
prion
Integer overflow
2011-01-07 23:00:00
debiancve
debiancve
CVE-2010-3311
2011-01-07 23:00:00
ubuntucve
ubuntucve
CVE-2010-3311
2010-09-28 00:00:00
cve
cve
CVE-2010-3311
2011-01-07 23:00:00
redhat
redhat
(RHSA-2010:0736) Important: freetype security update
2010-10-04 00:00:00
(RHSA-2010:0737) Important: freetype security update
2010-10-04 00:00:00
(RHSA-2010:0864) Important: freetype security update
2010-11-10 00:00:00
centos
centos
freetype security update
2010-10-05 15:49:55
freetype security update
2010-10-04 20:11:54
oraclelinux
oraclelinux
freetype security update
2010-10-04 00:00:00
freetype security update
2010-10-04 00:00:00
freetype security update
2010-11-16 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2010-11-04 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for DEBIAN:DSA-2116-1:F1C4F
fedora5openvas28veracode1securityvulns2nessus24debian1prion1debiancve1ubuntucve1cve1redhat3centos2oraclelinux3ubuntu1gentoo1suse1