Mandriva Linux Archives: security-announce@mandrivalinux.org
Mandriva Linux: security-announce@mandrivalinux.org
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
- From: security
- Subject: [Security Announce] [ MDKSA-2007:081-1 ] - Updated freetype2 packages fix vulnerability
- Date: 10 Apr 2007 22:09:57 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:081-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : freetype2 Date : April 10, 2007 Affected: 2007.1 _______________________________________________________________________ Problem Description: iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code. Updated packages have been patched to correct this issue. Update: Packages for Mandriva Linux 2007.1 are now available. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: b6d65fcc62754bd1400e90efa49e6679 2007.1/i586/libfreetype6-2.3.1-3.1mdv2007.1.i586.rpm 142d11543d5db9880c9db97b99595559 2007.1/i586/libfreetype6-devel-2.3.1-3.1mdv2007.1.i586.rpm bfc535d187f868751ed2460f3de01e53 2007.1/i586/libfreetype6-static-devel-2.3.1-3.1mdv2007.1.i586.rpm 81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 3323e12c0ac539c7bc6b7f6ead647f7e 2007.1/x86_64/lib64freetype6-2.3.1-3.1mdv2007.1.x86_64.rpm c9c6db8da9895b96eb074ffb09f2383e 2007.1/x86_64/lib64freetype6-devel-2.3.1-3.1mdv2007.1.x86_64.rpm 87f48e86ee449bbba06fd0159c6c34af 2007.1/x86_64/lib64freetype6-static-devel-2.3.1-3.1mdv2007.1.x86_64.rpm 81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGG9yumqjQ0CJFipgRAj2LAKDxahKXOhYOpS6JZ1he0FMxfbuQJgCgif5j Hfcfrg4ZKpE/LPNAxnuUE0E= =hw7N -----END PGP SIGNATURE-----
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
- Prev by Date: [Security Announce] [ MDKA-2007:023 ] - Updated autofs packages address master map parsing errors
- Next by Date: [Security Announce] [ MDKA-2007:024 ] - Updated gimp packages address filename issue
- Previous by thread: [Security Announce] [ MDKA-2007:023 ] - Updated autofs packages address master map parsing errors
- Next by thread: [Security Announce] [ MDKA-2007:024 ] - Updated gimp packages address filename issue
- Index(es):
Search the archive:
To (un)subscribe from/to the lists:
Fund the Mandriva Linux project