(RHSA-2007:0150) Moderate: freetype security update

FreeType is a free, high-quality, portable font engine.

An integer overflow flaw was found in the way the FreeType font engine
processed BDF font files. If a user loaded a carefully crafted font file
with a program linked against FreeType, it could cause the application to
crash or execute arbitrary code. While it is uncommon for a user to
explicitly load a font file, there are several application file formats
which contain embedded fonts that are parsed by FreeType. (CVE-2007-1351)

This flaw did not affect the version of FreeType shipped in Red Hat
Enterprise Linux 2.1.

Users of FreeType should upgrade to these updated packages, which contain
a backported patch to correct this issue.

Red Hat would like to thank iDefense for reporting this issue.