FreeType: Important Security Update

FreeType users, please be advised that an important security update has been released to fix a vulnerability that has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (

RHSA-2010:0889-01: Important: freetype security update
Product: Red Hat Enterprise Linux

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

A heap-based buffer overflow flaw was found in the way the FreeType font rendering engine processed certain TrueType GX fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3855)