VUPEN Security - Mandriva Security Update Fixes FreeType "TT_Load_Simple_Glyph()" Integer Overflow / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes FreeType "TT_Load_Simple_Glyph()" Integer Overflow

Title : Mandriva Security Update Fixes FreeType "TT_Load_Simple_Glyph()" Integer Overflow
VUPEN ID : VUPEN/ADV-2007-2174
CVE ID : CVE-2007-2754
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-14

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in FreeType. For additional information, see : VUPEN/ADV-2007-1894

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
888adc26eb66e993d1c8256ebf72287e 2007.0/i586/libfreetype6-2.2.1-4.2mdv2007.0.i586.rpm
b10ff58273af4bfbf05bd1d6fabe5da8 2007.0/i586/libfreetype6-devel-2.2.1-4.2mdv2007.0.i586.rpm
84d7e5982cd6c7bb7b10e0960a943474 2007.0/i586/libfreetype6-static-devel-2.2.1-4.2mdv2007.0.i586.rpm
fbf5f1732c13a6f54f3e0214b48552c1 2007.0/SRPMS/freetype2-2.2.1-4.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
a93fb30f5a597fa89fc8cd85286b53ce 2007.0/x86_64/lib64freetype6-2.2.1-4.2mdv2007.0.x86_64.rpm
406806d503f5d355c8e77b989baf1f42 2007.0/x86_64/lib64freetype6-devel-2.2.1-4.2mdv2007.0.x86_64.rpm
f86a4e7e99da26c14d673c02cd4d4ba8 2007.0/x86_64/lib64freetype6-static-devel-2.2.1-4.2mdv2007.0.x86_64.rpm
fbf5f1732c13a6f54f3e0214b48552c1 2007.0/SRPMS/freetype2-2.2.1-4.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
6bafde7e6f952a0492765d461da32c97 2007.1/i586/libfreetype6-2.3.1-3.2mdv2007.1.i586.rpm
f34186eb65e04d416413cff4df8f9613 2007.1/i586/libfreetype6-devel-2.3.1-3.2mdv2007.1.i586.rpm
c111b1522e7825cc6ddf05b60e171aae 2007.1/i586/libfreetype6-static-devel-2.3.1-3.2mdv2007.1.i586.rpm
47d7d53f3e9b9b302b7398b46200e3bb 2007.1/SRPMS/freetype2-2.3.1-3.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
baa54ceaf4ba1525299cf6b0e859f933 2007.1/x86_64/lib64freetype6-2.3.1-3.2mdv2007.1.x86_64.rpm
ff16e366025be280a20e3d39ff0943d7 2007.1/x86_64/lib64freetype6-devel-2.3.1-3.2mdv2007.1.x86_64.rpm
7db139854e18a1d7f20438068bb22761 2007.1/x86_64/lib64freetype6-static-devel-2.3.1-3.2mdv2007.1.x86_64.rpm
47d7d53f3e9b9b302b7398b46200e3bb 2007.1/SRPMS/freetype2-2.3.1-3.2mdv2007.1.src.rpm

Corporate 3.0:
6a5823f891bb8dd9b34af5c194697151 corporate/3.0/i586/libfreetype6-2.1.7-4.5.C30mdk.i586.rpm
92a49443058dc76734007f42ea6ce992 corporate/3.0/i586/libfreetype6-devel-2.1.7-4.5.C30mdk.i586.rpm
ad0d74f4a3415f7ff808b1d50c6deda6 corporate/3.0/i586/libfreetype6-static-devel-2.1.7-4.5.C30mdk.i586.rpm
b13be6aab56c9c23f32e3da292d424c1 corporate/3.0/SRPMS/freetype2-2.1.7-4.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
6a5823f891bb8dd9b34af5c194697151 corporate/3.0/x86_64/libfreetype6-2.1.7-4.5.C30mdk.i586.rpm
ae6a04d285558d7d58e82e40ac82d5f2 corporate/3.0/x86_64/lib64freetype6-2.1.7-4.5.C30mdk.x86_64.rpm
f03df050feb6e8ec2abe9c30e4386423 corporate/3.0/x86_64/lib64freetype6-devel-2.1.7-4.5.C30mdk.x86_64.rpm
40af8e12d5651ce2ee05c166e6d9f180 corporate/3.0/x86_64/lib64freetype6-static-devel-2.1.7-4.5.C30mdk.x86_64.rpm
b13be6aab56c9c23f32e3da292d424c1 corporate/3.0/SRPMS/freetype2-2.1.7-4.5.C30mdk.src.rpm

Corporate 4.0:
554afdf7c745ba4476df5860a25b05d4 corporate/4.0/i586/libfreetype6-2.1.10-9.6.20060mlcs4.i586.rpm
3b80645d0a25c3871268c7e2d0a378ac corporate/4.0/i586/libfreetype6-devel-2.1.10-9.6.20060mlcs4.i586.rpm
8017f06d616c226f00e8476f8583973f corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.6.20060mlcs4.i586.rpm
0e75c0ceca12cc7eeb93a32cb415effa corporate/4.0/SRPMS/freetype2-2.1.10-9.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
554afdf7c745ba4476df5860a25b05d4 corporate/4.0/x86_64/libfreetype6-2.1.10-9.6.20060mlcs4.i586.rpm
3b80645d0a25c3871268c7e2d0a378ac corporate/4.0/x86_64/libfreetype6-devel-2.1.10-9.6.20060mlcs4.i586.rpm
8017f06d616c226f00e8476f8583973f corporate/4.0/x86_64/libfreetype6-static-devel-2.1.10-9.6.20060mlcs4.i586.rpm
a8c75240e1c74eeddbb96b034157ce48 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.6.20060mlcs4.x86_64.rpm
4ca744991bfb4260f45c9d2c48610287 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.6.20060mlcs4.x86_64.rpm
79ad754685d97d2f58ddcc5ed218955c corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.6.20060mlcs4.x86_64.rpm
0e75c0ceca12cc7eeb93a32cb415effa corporate/4.0/SRPMS/freetype2-2.1.10-9.6.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
f80e2f5f4bc935846ee4daa624112574 mnf/2.0/i586/libfreetype6-2.1.7-4.5.M20mdk.i586.rpm
e3dc2d5b741f17859470c33d8ce604b3 mnf/2.0/SRPMS/freetype2-2.1.7-4.5.M20mdk.src.rpm

References

http://www.vupen.com/english/advisories/2007/2174
http://archives.mandrivalinux.com/security-announce/2007-06/msg00012.php

ChangeLog

2007-06-14 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-07-06

Microsoft Windows 0-Day
Flaw Exploited in the Wild

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations