Advisories
Mandriva Advisories
|
 |
| Problem Description |
iDefense integer overflows in the way freetype handled various font
files. A malicious local user could exploit these issues to potentially
execute arbitrary code.
Updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
dbd9d9dce2eecf5dc0f07b949438f6e2 corporate/3.0/i586/libfreetype6-2.1.7-4.4.C30mdk.i586.rpm 5b4ae55777d8fb0802300180164626be corporate/3.0/i586/libfreetype6-devel-2.1.7-4.4.C30mdk.i586.rpm e93a54a13629939d1b069cc8c6d7ba00 corporate/3.0/i586/libfreetype6-static-devel-2.1.7-4.4.C30mdk.i586.rpm 389338c4062630ef82932a16888aca74 corporate/3.0/SRPMS/freetype2-2.1.7-4.4.C30mdk.src.rpm
Corporate Server 3.0/X86_64
020ea45885d2d352f01e6db561e91043 corporate/3.0/x86_64/lib64freetype6-2.1.7-4.4.C30mdk.x86_64.rpm 1bd6b3ca33a1c79664b77fef5386d968 corporate/3.0/x86_64/lib64freetype6-devel-2.1.7-4.4.C30mdk.x86_64.rpm 8beb621c6ad598032038295c1742eaa5 corporate/3.0/x86_64/lib64freetype6-static-devel-2.1.7-4.4.C30mdk.x86_64.rpm dbd9d9dce2eecf5dc0f07b949438f6e2 corporate/3.0/x86_64/libfreetype6-2.1.7-4.4.C30mdk.i586.rpm 389338c4062630ef82932a16888aca74 corporate/3.0/SRPMS/freetype2-2.1.7-4.4.C30mdk.src.rpm
Multi Network Firewall 2.0
2d6f0486f22dba324dcfbfba8ee92aea mnf/2.0/i586/libfreetype6-2.1.7-4.4.M20mdk.i586.rpm cb19a04e2a59b58c0404865ee2b6ad0b mnf/2.0/i586/libfreetype6-devel-2.1.7-4.4.M20mdk.i586.rpm 95374cb08444a52b998bec97099d8692 mnf/2.0/i586/libfreetype6-static-devel-2.1.7-4.4.M20mdk.i586.rpm 61be4166abddbca6eb0910f71fefcb53 mnf/2.0/SRPMS/freetype2-2.1.7-4.4.M20mdk.src.rpm
Mandriva Linux 2007
f6fa7475ddd370e4c5666c8e5f3ea1ab 2007.0/i586/libfreetype6-2.2.1-4.1mdv2007.0.i586.rpm 798b4436b273364cb5b88adc2ab02284 2007.0/i586/libfreetype6-devel-2.2.1-4.1mdv2007.0.i586.rpm d4448a43fcf33b965148f985918c8c1f 2007.0/i586/libfreetype6-static-devel-2.2.1-4.1mdv2007.0.i586.rpm e94919cdff41a89e8dfb013b51e97298 2007.0/SRPMS/freetype2-2.2.1-4.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
09b1e2a374c33f5ba03fbdf9a3a9c06d 2007.0/x86_64/lib64freetype6-2.2.1-4.1mdv2007.0.x86_64.rpm 07920f5a1d99c335b6c8348c278ab1c5 2007.0/x86_64/lib64freetype6-devel-2.2.1-4.1mdv2007.0.x86_64.rpm d23852054cb490feea6dfb9c00c66d96 2007.0/x86_64/lib64freetype6-static-devel-2.2.1-4.1mdv2007.0.x86_64.rpm e94919cdff41a89e8dfb013b51e97298 2007.0/SRPMS/freetype2-2.2.1-4.1mdv2007.0.src.rpm
Corporate Server 4.0
14f546a8e3fe70362e25138b08efe734 corporate/4.0/i586/libfreetype6-2.1.10-9.5.20060mlcs4.i586.rpm 47bc3d7a07c632386e1d11c5180e89bf corporate/4.0/i586/libfreetype6-devel-2.1.10-9.5.20060mlcs4.i586.rpm d61c4fbe40e780d40638e83e556ca464 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.5.20060mlcs4.i586.rpm 53fb2858df7f92bee30b27f588953d42 corporate/4.0/SRPMS/freetype2-2.1.10-9.5.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
593b7b057948a4e68bccc078f3e6582a corporate/4.0/x86_64/lib64freetype6-2.1.10-9.5.20060mlcs4.x86_64.rpm 06e9aedc719c1e1232d193dfe0fd1430 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.5.20060mlcs4.x86_64.rpm f3e065cdefa7ae88538dd8c8d630d65b corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.5.20060mlcs4.x86_64.rpm 14f546a8e3fe70362e25138b08efe734 corporate/4.0/x86_64/libfreetype6-2.1.10-9.5.20060mlcs4.i586.rpm 47bc3d7a07c632386e1d11c5180e89bf corporate/4.0/x86_64/libfreetype6-devel-2.1.10-9.5.20060mlcs4.i586.rpm d61c4fbe40e780d40638e83e556ca464 corporate/4.0/x86_64/libfreetype6-static-devel-2.1.10-9.5.20060mlcs4.i586.rpm 53fb2858df7f92bee30b27f588953d42 corporate/4.0/SRPMS/freetype2-2.1.10-9.5.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.