Red Hat Enterprise Linux: Important freetype security update | Vulnerability Managment Blog

Hide threads | Keyboard Shortcuts

vulnerability management 1:24 am on October 6, 2010 Permalink Reply
Tags: application ( 11 ), critical watch ( 900 ), freetype ( 9 ), red hat enterprise ( 4 ), security ( 505 ), security advisories ( 695 ), vulnerability ( 725 ), vulnerability management ( 512 )

Red Hat Enterprise Linux: Important freetype security update

Users of Red Hat Enterprise Linux please be advised of an Important freetype security update that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from http://www.criticalwatch.com

RHSA-2010:0737-01: Important: freetype security update

Product: Red Hat Enterprise Linux

Description:

It was discovered that the FreeType font rendering engine improperly

validated certain position values when processing input streams. If a user

loaded a specially-crafted font file with an application linked against

FreeType, and the relevant font glyphs were subsequently rendered with the

X FreeType library (libXft), it could trigger a heap-based buffer overflow

in the libXft library, causing the application to crash or, possibly,

execute arbitrary code with the privileges of the user running the

application. Read more at http://www.criticalwatch.com

See this Amp at http://bit.ly/9KgtUl

Reply Cancel reply

c: Compose new post
j: Next post/Next comment
k: Previous post/Previous comment
r: Reply
e: Edit
o: Show/Hide comments
t: Go to top
l: Go to login
h: Show/Hide help
shift + esc: Cancel