|
|
>> Mandriva Security Update Fixes FreeType2 BDF Font Integer Overflow Vulnerability
|
Title : Mandriva Security Update Fixes FreeType2 BDF Font Integer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2007-1253
CVE ID : CVE-2007-1351
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-05
|
Mandriva has released security updates to address a vulnerability identified in FreeType2. This issue could be exploited by attackers to execute arbitrary commands. For additional information, see : VUPEN/ADV-2007-1264
Affected Products
Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0
Solution
Upgrade the affected packages :
Mandriva Linux 2007.0:
f6fa7475ddd370e4c5666c8e5f3ea1ab 2007.0/i586/libfreetype6-2.2.1-4.1mdv2007.0.i586.rpm
798b4436b273364cb5b88adc2ab02284 2007.0/i586/libfreetype6-devel-2.2.1-4.1mdv2007.0.i586.rpm
d4448a43fcf33b965148f985918c8c1f 2007.0/i586/libfreetype6-static-devel-2.2.1-4.1mdv2007.0.i586.rpm
e94919cdff41a89e8dfb013b51e97298 2007.0/SRPMS/freetype2-2.2.1-4.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
09b1e2a374c33f5ba03fbdf9a3a9c06d 2007.0/x86_64/lib64freetype6-2.2.1-4.1mdv2007.0.x86_64.rpm
07920f5a1d99c335b6c8348c278ab1c5 2007.0/x86_64/lib64freetype6-devel-2.2.1-4.1mdv2007.0.x86_64.rpm
d23852054cb490feea6dfb9c00c66d96 2007.0/x86_64/lib64freetype6-static-devel-2.2.1-4.1mdv2007.0.x86_64.rpm
e94919cdff41a89e8dfb013b51e97298 2007.0/SRPMS/freetype2-2.2.1-4.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
b6d65fcc62754bd1400e90efa49e6679 2007.1/i586/libfreetype6-2.3.1-3.1mdv2007.1.i586.rpm
142d11543d5db9880c9db97b99595559 2007.1/i586/libfreetype6-devel-2.3.1-3.1mdv2007.1.i586.rpm
bfc535d187f868751ed2460f3de01e53 2007.1/i586/libfreetype6-static-devel-2.3.1-3.1mdv2007.1.i586.rpm
81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
3323e12c0ac539c7bc6b7f6ead647f7e 2007.1/x86_64/lib64freetype6-2.3.1-3.1mdv2007.1.x86_64.rpm
c9c6db8da9895b96eb074ffb09f2383e 2007.1/x86_64/lib64freetype6-devel-2.3.1-3.1mdv2007.1.x86_64.rpm
87f48e86ee449bbba06fd0159c6c34af 2007.1/x86_64/lib64freetype6-static-devel-2.3.1-3.1mdv2007.1.x86_64.rpm
81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm
Corporate 3.0:
dbd9d9dce2eecf5dc0f07b949438f6e2 corporate/3.0/i586/libfreetype6-2.1.7-4.4.C30mdk.i586.rpm
5b4ae55777d8fb0802300180164626be corporate/3.0/i586/libfreetype6-devel-2.1.7-4.4.C30mdk.i586.rpm
e93a54a13629939d1b069cc8c6d7ba00 corporate/3.0/i586/libfreetype6-static-devel-2.1.7-4.4.C30mdk.i586.rpm
389338c4062630ef82932a16888aca74 corporate/3.0/SRPMS/freetype2-2.1.7-4.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
020ea45885d2d352f01e6db561e91043 corporate/3.0/x86_64/lib64freetype6-2.1.7-4.4.C30mdk.x86_64.rpm
1bd6b3ca33a1c79664b77fef5386d968 corporate/3.0/x86_64/lib64freetype6-devel-2.1.7-4.4.C30mdk.x86_64.rpm
8beb621c6ad598032038295c1742eaa5 corporate/3.0/x86_64/lib64freetype6-static-devel-2.1.7-4.4.C30mdk.x86_64.rpm
dbd9d9dce2eecf5dc0f07b949438f6e2 corporate/3.0/x86_64/libfreetype6-2.1.7-4.4.C30mdk.i586.rpm
389338c4062630ef82932a16888aca74 corporate/3.0/SRPMS/freetype2-2.1.7-4.4.C30mdk.src.rpm
Corporate 4.0:
14f546a8e3fe70362e25138b08efe734 corporate/4.0/i586/libfreetype6-2.1.10-9.5.20060mlcs4.i586.rpm
47bc3d7a07c632386e1d11c5180e89bf corporate/4.0/i586/libfreetype6-devel-2.1.10-9.5.20060mlcs4.i586.rpm
d61c4fbe40e780d40638e83e556ca464 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.5.20060mlcs4.i586.rpm
53fb2858df7f92bee30b27f588953d42 corporate/4.0/SRPMS/freetype2-2.1.10-9.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
593b7b057948a4e68bccc078f3e6582a corporate/4.0/x86_64/lib64freetype6-2.1.10-9.5.20060mlcs4.x86_64.rpm
06e9aedc719c1e1232d193dfe0fd1430 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.5.20060mlcs4.x86_64.rpm
f3e065cdefa7ae88538dd8c8d630d65b corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.5.20060mlcs4.x86_64.rpm
14f546a8e3fe70362e25138b08efe734 corporate/4.0/x86_64/libfreetype6-2.1.10-9.5.20060mlcs4.i586.rpm
47bc3d7a07c632386e1d11c5180e89bf corporate/4.0/x86_64/libfreetype6-devel-2.1.10-9.5.20060mlcs4.i586.rpm
d61c4fbe40e780d40638e83e556ca464 corporate/4.0/x86_64/libfreetype6-static-devel-2.1.10-9.5.20060mlcs4.i586.rpm
53fb2858df7f92bee30b27f588953d42 corporate/4.0/SRPMS/freetype2-2.1.10-9.5.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
2d6f0486f22dba324dcfbfba8ee92aea mnf/2.0/i586/libfreetype6-2.1.7-4.4.M20mdk.i586.rpm
cb19a04e2a59b58c0404865ee2b6ad0b mnf/2.0/i586/libfreetype6-devel-2.1.7-4.4.M20mdk.i586.rpm
95374cb08444a52b998bec97099d8692 mnf/2.0/i586/libfreetype6-static-devel-2.1.7-4.4.M20mdk.i586.rpm
61be4166abddbca6eb0910f71fefcb53 mnf/2.0/SRPMS/freetype2-2.1.7-4.4.M20mdk.src.rpm
References
http://www.vupen.com/english/advisories/2007/1253
http://archives.mandrivalinux.com/security-announce/2007-04/msg00009.php
http://archives.mandrivalinux.com/security-announce/2007-04/msg00012.php
ChangeLog
2007-04-05 : Initial release
2007-04-10 : Updated Solution
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
