Description:
The remote host is missing an update to freetype announced via advisory FEDORA-2008-5425.
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.
Update Information:
This update backports security fixes from upstream version 2.3.6 - CVE-2008-1806, CVE-2008-1807 and CVE-2008-1808. For further details, see:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
Note: The TTF bytecode interpreter is not enabled by default in the Fedora freetype packages, therefore Fedora packages were not affected by the TTF part of CVE-2008-1808.
ChangeLog:
* Tue Jun 17 2008 Behdad Esfahbod 2.3.5-6
- Add freetype-2.3.5-CVEs.patch
- Resolves: #451213
* Fri May 23 2008 Dennis Gilmore - 2.3.5-5
- add sparc64 to list of 64 bit arches
References:
[ 1 ] Bug #450768 - CVE-2008-1806 FreeType PFB integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=450768
[ 2 ] Bug #450774 - CVE-2008-1808 FreeType off-by-one flaws
https://bugzilla.redhat.com/show_bug.cgi?id=450774
[ 3 ] Bug #450773 - CVE-2008-1807 FreeType invalid free() flaw
https://bugzilla.redhat.com/show_bug.cgi?id=450773
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update freetype' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-5425
Risk factor: High
CVSS Score: 7.5