Säkerhetsbulletin från Debian

DSA-1454-1 freetype -- heltalsspill

Rapporterat den:

2008-01-07

Berörda paket:

freetype

Sårbara:

Referenser i säkerhetsdatabaser:

I Mitres CVE-förteckning: CVE-2007-1351.

Ytterligare information:

Greg MacManus upptäckte ett heltalsspill i teckensnittshanteringen i libfreetype, en FreeType 2-teckensnittsmotor, vilket kunde användas i en överbelastningsattack eller möjligen exekvering av godtycklig kod om en användare lurades att öppna en felformaterat teckensnitt.

För den gamla stabila utgåvan (Sarge) kommer detta problem att rättas inom kort.

För den stabila utgåvan (Etch) har detta problem rättats i version 2.2.1-5+etch2.

För den instabila utgåvan (Sid) har detta problem rättats i version 2.3.5-1.

Vi rekommenderar att ni uppgraderar era freetype-paket.

Rättat i:

Debian GNU/Linux 4.0 (stable)

Källkod:: http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch2.dsc; http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1.orig.tar.gz; http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch2.diff.gz
Alpha:: http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_alpha.deb; http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_alpha.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_alpha.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_alpha.udeb
AMD64:: http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_amd64.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_amd64.udeb; http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_amd64.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_arm.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_arm.udeb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_arm.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_hppa.udeb; http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_hppa.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_hppa.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_i386.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_i386.udeb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_i386.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_ia64.deb; http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_ia64.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_ia64.udeb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_mips.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_mips.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_mips.udeb; http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_mipsel.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_mipsel.udeb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_mipsel.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_powerpc.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_powerpc.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_powerpc.udeb; http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_s390.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_s390.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_s390.udeb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_sparc.deb; http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_sparc.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_sparc.deb; http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_sparc.udeb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.