LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New freetype packages fix several vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1095-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
June 10th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : freetype
Vulnerability  : integer overflows
Problem type   : local (remote)
Debian-specific: no
CVE IDs        : CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661
CERT advisory  : 
BugTraq ID     : 18034
Debian Bug     : 

Several problems have been discovered in the FreeType 2 font engine.
The Common vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-0747

    Several integer underflows have been discovered which could allow
    remote attackers to cause a denial of service.

CVE-2006-1861

    Chris Evans discovered several integer overflows that lead to a
    denial of service or could possibly even lead to the execution of
    arbitrary code.

CVE-2006-2493

    Several more integer overflows have been discovered which could
    possibly lead to the execution of arbitrary code.

CVE-2006-2661

    A null pointer dereference could cause a denial of service.

For the old stable distribution (woody) these problems have been fixed in
version 2.0.9-1woody1.

For the stable distribution (sarge) these problems have been fixed in
version 2.1.7-2.5.

For the unstable distribution (sid) these problems will be fixed soon

We recommend that you upgrade your libfreetype packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9-1woody1.dsc
      Size/MD5 checksum:      672 e9f338a6cc7d4f8924ec9df3dd14035a
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9-1woody1.diff.gz
      Size/MD5 checksum:    17441 8313446b932167b006e7b039c6890821
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9.orig.tar.gz
      Size/MD5 checksum:   908842 102e1d651fd6404e656e3d1d8a36a4a0

  Alpha architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_alpha.deb
      Size/MD5 checksum:    72438 81cf505ba02eb5167141388fedd84177
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_alpha.deb
      Size/MD5 checksum:   244742 599b407104960c51a32c75782ccc6bcb
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_alpha.deb
      Size/MD5 checksum:   598368 f5bb8504b2d91b0af7cd878f661520d4

  ARM architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_arm.deb
      Size/MD5 checksum:    38802 0890e233c07cfa17fcf4de4e312ee0cb
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_arm.deb
      Size/MD5 checksum:   211736 c071143fd0bcbba47e3be584dd52c9b5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_arm.deb
      Size/MD5 checksum:   565936 3ea6b5786fdc1b74c8ce501a83f87b56

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_i386.deb
      Size/MD5 checksum:    37128 55f75b5277bc86e66167bd92019d0dc0
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_i386.deb
      Size/MD5 checksum:   208990 c59dc78191132dcc3db2ad6e529ed872
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_i386.deb
      Size/MD5 checksum:   541294 028c883672af3f15cdea4595e124d12d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_ia64.deb
      Size/MD5 checksum:    91606 34dd0d964ef7f5471a9d8aca9204eae6
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_ia64.deb
      Size/MD5 checksum:   314490 f277129e151512f5f40f7dac92bd70ca
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_ia64.deb
      Size/MD5 checksum:   661156 2da5eeaec642e9ad417f05d556042654

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_hppa.deb
      Size/MD5 checksum:    65954 01f070e5a891f294673ecc02746e2a3e
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_hppa.deb
      Size/MD5 checksum:   243240 3ce3f6c9c81f475e8f5025d891c6baa3
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_hppa.deb
      Size/MD5 checksum:   581982 2cd9bf66c5fa0900b2bbd892cb4fe27e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_m68k.deb
      Size/MD5 checksum:    35004 9fb250326a6ec18855b526881bff1971
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_m68k.deb
      Size/MD5 checksum:   202382 b914d6dca81b0a0bbcd51b41f14d285b
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_m68k.deb
      Size/MD5 checksum:   533332 99c58bfb00e2eec28605797281ba7d91

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_mips.deb
      Size/MD5 checksum:    65994 d095a3147f7bf29601a633e0981812ef
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_mips.deb
      Size/MD5 checksum:   227602 a0bb3a1ec9f4d199b592e83e1f96cc62
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_mips.deb
      Size/MD5 checksum:   585274 70ee8753fbc279405f51aa3f85c9277a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_mipsel.deb
      Size/MD5 checksum:    66068 4252d63c5c6fc9c2073a3c4f9a2c94b3
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_mipsel.deb
      Size/MD5 checksum:   224940 cd715fcea79690133890d1ac51c897d5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_mipsel.deb
      Size/MD5 checksum:   582886 95ab06bdb92195b369f4b1394caace23

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_powerpc.deb
      Size/MD5 checksum:    40060 11ce0afd84b3b6d72aeb6ad65f46d20b
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_powerpc.deb
      Size/MD5 checksum:   220220 f3e618b284f001fb1aca10f09153580c
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_powerpc.deb
      Size/MD5 checksum:   562794 1f79591fa630cc0c1843a5877782fa5b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_s390.deb
      Size/MD5 checksum:    39878 f4349eae5c74098119905d368c7b0e2e
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_s390.deb
      Size/MD5 checksum:   217756 f025a5c14fd3c2c115076095565628a5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_s390.deb
      Size/MD5 checksum:   550812 667c68d66e3055fdc01ff3a028f5b065

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_sparc.deb
      Size/MD5 checksum:    49750 6c536054e3247e79bef317c60ca6b3b1
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_sparc.deb
      Size/MD5 checksum:   212828 cab02000c53126f833994914024f057f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_sparc.deb
      Size/MD5 checksum:   549646 206cb2d25dd696a438e54c188bf83b2c


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-2.5.dsc
      Size/MD5 checksum:      677 89163a31332f8fd9602ee070e736db56
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-2.5.diff.gz
      Size/MD5 checksum:    56830 e44f23774c76ec8744556393d1a67155
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
      Size/MD5 checksum:  1245623 991ff86e88b075ba363e876f4ea58680

  Alpha architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_alpha.deb
      Size/MD5 checksum:    88168 43fe03488f5298535877f31e514af2b5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_alpha.deb
      Size/MD5 checksum:   422428 ca66e5f4c34fe72139aec143d2267638
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_alpha.deb
      Size/MD5 checksum:   784362 87d5c43d63e83523ed20051640b702c8

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_amd64.deb
      Size/MD5 checksum:    76236 3352ce99b2a88ca07d88f04c91b3dc3e
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_amd64.deb
      Size/MD5 checksum:   389884 7262b08b4199214f93165ae412c9f467
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_amd64.deb
      Size/MD5 checksum:   723734 fb33e8413b560d7afaeb02e59a76cf09

  ARM architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_arm.deb
      Size/MD5 checksum:    58730 55df9efbd4eb664f1783ee82a38f1844
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_arm.deb
      Size/MD5 checksum:   352562 7abf762b31898aaca08668d0a96b6f2f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_arm.deb
      Size/MD5 checksum:   714506 954e50736413bdef43b26230c639de88

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_i386.deb
      Size/MD5 checksum:    63194 cb8a719a9a774729d66008d9027e51e6
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_i386.deb
      Size/MD5 checksum:   363860 db9690836e2cec4d75d72e21fa3454b2
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_i386.deb
      Size/MD5 checksum:   693456 413e7c3ac3cbe875565583e4d715e9f9

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_ia64.deb
      Size/MD5 checksum:   102602 33a1531632b9b99c8dddaf3db4bf5b76
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_ia64.deb
      Size/MD5 checksum:   493270 d5c7f28e477780047c923279b96b3e4a
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_ia64.deb
      Size/MD5 checksum:   843896 72048488bde93d3630b6b9da079e69e9

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_hppa.deb
      Size/MD5 checksum:    80762 42a0bfccfaac7473755699a843e24a47
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_hppa.deb
      Size/MD5 checksum:   406960 0c4175c2dd0e48b799e09d2afc12690f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_hppa.deb
      Size/MD5 checksum:   734430 89b01eb71ca9666bfda516a81b42279c

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_m68k.deb
      Size/MD5 checksum:    43850 8c48fb2db89bd539888bee4b5e96bc9f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_m68k.deb
      Size/MD5 checksum:   359290 8d0540203484407b5e3ac0caa6a17a76
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_m68k.deb
      Size/MD5 checksum:   678740 6a4a245d16be00bfb42c4c95bc46c33b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_mips.deb
      Size/MD5 checksum:    91802 edb71b520cad9ee3325f1ab6c9aba2e1
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_mips.deb
      Size/MD5 checksum:   384104 a3a2b6850b6ad4fa58b26e4f87c99bc1
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_mips.deb
      Size/MD5 checksum:   742462 1622c7ed6976c080c191bf4355a39bcf

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_mipsel.deb
      Size/MD5 checksum:    91530 b5f2884e0a60f941472f73e5bb4ed36a
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_mipsel.deb
      Size/MD5 checksum:   376154 44ecb1dd13695505127605383ba08550
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_mipsel.deb
      Size/MD5 checksum:   735808 5be48a87080982898270d5d3872d23a1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_powerpc.deb
      Size/MD5 checksum:    81984 1947fae668eea39c6547b5f7223b161b
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_powerpc.deb
      Size/MD5 checksum:   379112 ba3fcf9e41fb86ffb942f62da564e443
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_powerpc.deb
      Size/MD5 checksum:   730110 abef79b7c668f78ac1824d28871d12e5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_s390.deb
      Size/MD5 checksum:    76224 cad554cfd04bc4d3a95b2a2ec2fdc0d5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_s390.deb
      Size/MD5 checksum:   399662 a0b113ed1c25426c878a88fa3709eab9
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_s390.deb
      Size/MD5 checksum:   752436 294913dbf3d5371ea9bb20f44a03d5c0

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_sparc.deb
      Size/MD5 checksum:    68422 5c7b16ad44271621f8d5212ddcedefe9
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_sparc.deb
      Size/MD5 checksum:   363802 64e8b09bf5e357b284c23b284e5c13cc
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_sparc.deb
      Size/MD5 checksum:   699974 ef249a5e5d11b534e55f1e942ef29cef


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
The Difference Between Wi-Fi Security Protocols: WPA2-AES vs WPA2-TKIP
Segmenting for security: Five steps to protect your network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.