openSUSE Security Update: freetype: Fixed several off-by-one / length checks missing
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:0852-1
Rating:             important
References:         #704612 
Cross-References:   CVE-2011-0226
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This freetype2 update fixes sign extension problems and
   missing length checks.

   This issue was used in one of the last jailbreakme exploits
   for Apple iPhone/iPad products. (CVE-2011-0226)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch freetype2-4915

   - openSUSE 11.3:

      zypper in -t patch freetype2-4915

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64):

      freetype2-devel-2.4.4-7.8.1
      libfreetype6-2.4.4-7.8.1

   - openSUSE 11.4 (x86_64):

      freetype2-devel-32bit-2.4.4-7.8.1
      libfreetype6-32bit-2.4.4-7.8.1

   - openSUSE 11.3 (i586 x86_64):

      freetype2-devel-2.3.12-7.6.1
      libfreetype6-2.3.12-7.6.1

   - openSUSE 11.3 (x86_64):

      freetype2-devel-32bit-2.3.12-7.6.1
      libfreetype6-32bit-2.3.12-7.6.1


References:

   https://www.suse.com/security/cve/CVE-2011-0226.html
   https://bugzilla.novell.com/704612

--

openSUSE: 2011:0852-1: important: freetype

July 28, 2011
An update that fixes one vulnerability is now available.

Description

This freetype2 update fixes sign extension problems and missing length checks. This issue was used in one of the last jailbreakme exploits for Apple iPhone/iPad products. (CVE-2011-0226)

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch freetype2-4915 - openSUSE 11.3: zypper in -t patch freetype2-4915 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 11.4 (i586 x86_64): freetype2-devel-2.4.4-7.8.1 libfreetype6-2.4.4-7.8.1 - openSUSE 11.4 (x86_64): freetype2-devel-32bit-2.4.4-7.8.1 libfreetype6-32bit-2.4.4-7.8.1 - openSUSE 11.3 (i586 x86_64): freetype2-devel-2.3.12-7.6.1 libfreetype6-2.3.12-7.6.1 - openSUSE 11.3 (x86_64): freetype2-devel-32bit-2.3.12-7.6.1 libfreetype6-32bit-2.3.12-7.6.1


References

https://www.suse.com/security/cve/CVE-2011-0226.html https://bugzilla.novell.com/704612--


Severity
Announcement ID: openSUSE-SU-2011:0852-1
Rating: important
Affected Products: openSUSE 11.4 openSUSE 11.3

Related News

19.Laptop Bed Esm H170
2 - 4 min read
WSL (Windows Subsystem for Linux) , Microsoft's network security toolkit that allows users to run Linux natively on Windows without needing a
11.Locks IsometricPattern Esm H170
3 - 6 min read
Recently conducted research by Kaspersky indicates an alarming rise in cyberattacks using exploits against Linux systems. Data from Kaspersky
32.Lock Code Circular Esm H170
1 - 2 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
19.Laptop Bed Esm H170
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw enabling remote attackers to execute arbitrary
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2). These vulnerabilities
28.Lock Globe Esm H170
2 - 3 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved