SuSE: New freetype packages fix security vulnerabilities

Specially crafted font files could have caused buffer overflows in freetype, which could have been exploited for remote code execution. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for freetype2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0553-1
Rating:             important
References:         #619562 #628213 #629447 #633938 #633943 #635692 
                   #647375 #709851 #728044 #730124 #750937 #750938 
                   #750939 #750940 #750941 #750943 #750945 #750946 
                   #750947 #750948 #750949 #750950 #750951 #750952 
                   #750953 #750955 
Cross-References:   CVE-2010-1797 CVE-2010-2497 CVE-2010-2498
                   CVE-2010-2499 CVE-2010-2500 CVE-2010-2519
                   CVE-2010-2520 CVE-2010-2527 CVE-2010-2541
                   CVE-2010-2805 CVE-2010-3053 CVE-2010-3054
                   CVE-2010-3311 CVE-2010-3814 CVE-2010-3855
                   CVE-2011-2895 CVE-2011-3256 CVE-2011-3439
                   CVE-2012-1126 CVE-2012-1127 CVE-2012-1129
                   CVE-2012-1130 CVE-2012-1131 CVE-2012-1132
                   CVE-2012-1133 CVE-2012-1134 CVE-2012-1135
                   CVE-2012-1136 CVE-2012-1137 CVE-2012-1138
                   CVE-2012-1139 CVE-2012-1141 CVE-2012-1142
                   CVE-2012-1143
Affected Products:
                   SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________

  An update that fixes 34 vulnerabilities is now available.

Description:


  Specially crafted font files could have caused buffer
  overflows in freetype, which could have been exploited for
  remote code execution.

  Security Issue references:

  * CVE-2012-1141
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141>

  * CVE-2012-1132
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132>

  * CVE-2012-1138
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138>

  * CVE-2012-1139
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139>

  * CVE-2011-2895
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895>

  * CVE-2012-1130
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130>

  * CVE-2010-3311
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311>

  * CVE-2012-1134
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134>

  * CVE-2010-2805
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805>

  * CVE-2010-3814
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814>

  * CVE-2012-1127
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127>

  * CVE-2012-1126
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126>

  * CVE-2010-1797
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797>

  * CVE-2010-3855
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855>

  * CVE-2010-2497
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497>

  * CVE-2012-1142
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142>

  * CVE-2010-3053
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053>

  * CVE-2012-1133
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133>

  * CVE-2012-1137
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137>

  * CVE-2011-3439
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439>

  * CVE-2012-1136
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136>

  * CVE-2012-1143
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143>

  * CVE-2011-3256
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256>

  * CVE-2012-1129
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129>

  * CVE-2012-1131
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131>

  * CVE-2010-3054
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054>

  * CVE-2012-1135
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135>

  * CVE-2010-2498
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498>

  * CVE-2010-2499
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499>

  * CVE-2010-2500
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500>

  * CVE-2010-2519
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519>

  * CVE-2010-2520
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520>

  * CVE-2010-2527
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2527>

  * CVE-2010-2541
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2541>




Package List:

  - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):

     freetype2-2.1.10-18.22.21.25
     freetype2-devel-2.1.10-18.22.21.25
     ft2demos-2.1.10-19.18.21.7

  - SUSE Linux Enterprise Server 10 SP2 (s390x x86_64):

     freetype2-32bit-2.1.10-18.22.21.25
     freetype2-devel-32bit-2.1.10-18.22.21.25


References:

  http://support.novell.com/security/cve/CVE-2010-1797.html
  http://support.novell.com/security/cve/CVE-2010-2497.html
  http://support.novell.com/security/cve/CVE-2010-2498.html
  http://support.novell.com/security/cve/CVE-2010-2499.html
  http://support.novell.com/security/cve/CVE-2010-2500.html
  http://support.novell.com/security/cve/CVE-2010-2519.html
  http://support.novell.com/security/cve/CVE-2010-2520.html
  http://support.novell.com/security/cve/CVE-2010-2527.html
  http://support.novell.com/security/cve/CVE-2010-2541.html
  http://support.novell.com/security/cve/CVE-2010-2805.html
  http://support.novell.com/security/cve/CVE-2010-3053.html
  http://support.novell.com/security/cve/CVE-2010-3054.html
  http://support.novell.com/security/cve/CVE-2010-3311.html
  http://support.novell.com/security/cve/CVE-2010-3814.html
  http://support.novell.com/security/cve/CVE-2010-3855.html
  http://support.novell.com/security/cve/CVE-2011-2895.html
  http://support.novell.com/security/cve/CVE-2011-3256.html
  http://support.novell.com/security/cve/CVE-2011-3439.html
  http://support.novell.com/security/cve/CVE-2012-1126.html
  http://support.novell.com/security/cve/CVE-2012-1127.html
  http://support.novell.com/security/cve/CVE-2012-1129.html
  http://support.novell.com/security/cve/CVE-2012-1130.html
  http://support.novell.com/security/cve/CVE-2012-1131.html
  http://support.novell.com/security/cve/CVE-2012-1132.html
  http://support.novell.com/security/cve/CVE-2012-1133.html
  http://support.novell.com/security/cve/CVE-2012-1134.html
  http://support.novell.com/security/cve/CVE-2012-1135.html
  http://support.novell.com/security/cve/CVE-2012-1136.html
  http://support.novell.com/security/cve/CVE-2012-1137.html
  http://support.novell.com/security/cve/CVE-2012-1138.html
  http://support.novell.com/security/cve/CVE-2012-1139.html
  http://support.novell.com/security/cve/CVE-2012-1141.html
  http://support.novell.com/security/cve/CVE-2012-1142.html
  http://support.novell.com/security/cve/CVE-2012-1143.html
  https://bugzilla.novell.com/619562
  https://bugzilla.novell.com/628213
  https://bugzilla.novell.com/629447
  https://bugzilla.novell.com/633938
  https://bugzilla.novell.com/633943
  https://bugzilla.novell.com/635692
  https://bugzilla.novell.com/647375
  https://bugzilla.novell.com/709851
  https://bugzilla.novell.com/728044
  https://bugzilla.novell.com/730124
  https://bugzilla.novell.com/750937
  https://bugzilla.novell.com/750938
  https://bugzilla.novell.com/750939
  https://bugzilla.novell.com/750940
  https://bugzilla.novell.com/750941
  https://bugzilla.novell.com/750943
  https://bugzilla.novell.com/750945
  https://bugzilla.novell.com/750946
  https://bugzilla.novell.com/750947
  https://bugzilla.novell.com/750948
  https://bugzilla.novell.com/750949
  https://bugzilla.novell.com/750950
  https://bugzilla.novell.com/750951
  https://bugzilla.novell.com/750952
  https://bugzilla.novell.com/750953
  https://bugzilla.novell.com/750955
  http://download.novell.com/patch/finder/?keywords=7476e36b394db4aa52c01037bbfd62ee