SuSE: New freetype2 packages fix security vulnerabilities

Specially crafted font files could have caused buffer overflows in freetype, which could be exploited for remote code execution. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for freetype2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0483-2
Rating:             important
References:         #750937 #750938 #750939 #750940 #750941 #750943 
                   #750945 #750946 #750947 #750948 #750949 #750950 
                   #750951 #750952 #750953 #750955 
Cross-References:   CVE-2012-1126 CVE-2012-1127 CVE-2012-1129
                   CVE-2012-1130 CVE-2012-1131 CVE-2012-1132
                   CVE-2012-1133 CVE-2012-1134 CVE-2012-1135
                   CVE-2012-1136 CVE-2012-1137 CVE-2012-1138
                   CVE-2012-1139 CVE-2012-1141 CVE-2012-1142
                   CVE-2012-1143
Affected Products:
                   SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

  An update that fixes 16 vulnerabilities is now available.

Description:


  Specially crafted font files could have caused buffer
  overflows in freetype, which could be exploited for remote
  code execution.

  Security Issue references:

  * CVE-2012-1129
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129>

  * CVE-2012-1127
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127>

  * CVE-2012-1138
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138>

  * CVE-2012-1131
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131>

  * CVE-2012-1141
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141>

  * CVE-2012-1132
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132>

  * CVE-2012-1139
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139>

  * CVE-2012-1137
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137>

  * CVE-2012-1126
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126>

  * CVE-2012-1142
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142>

  * CVE-2012-1130
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130>

  * CVE-2012-1136
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136>

  * CVE-2012-1143
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143>

  * CVE-2012-1133
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133>

  * CVE-2012-1135
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135>

  * CVE-2012-1134
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134>




Package List:

  - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

     freetype2-2.1.10-18.29.17
     freetype2-devel-2.1.10-18.29.17
     ft2demos-2.1.10-19.29.7

  - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

     freetype2-32bit-2.1.10-18.29.17
     freetype2-devel-32bit-2.1.10-18.29.17
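
  To confirm that a host has the update, the installed version-release of each package can be compared with the list above. The following is an added example, not part of the SUSE advisory: the function names and the sample input are constructed, and the comparison is a simplified form of rpm's version ordering (no epoch or tilde handling) that compares digit runs numerically.

```python
import re

# Fixed version-release per package, copied from the advisory's package list.
FIXED = {
    "freetype2": "2.1.10-18.29.17",
    "freetype2-devel": "2.1.10-18.29.17",
    "ft2demos": "2.1.10-19.29.7",
    "freetype2-32bit": "2.1.10-18.29.17",
    "freetype2-devel-32bit": "2.1.10-18.29.17",
}

def _segments(part):
    # Like rpm, split into runs of digits and runs of letters; separators are dropped.
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", part)]

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if isinstance(x, int) != isinstance(y, int):
            return 1 if isinstance(x, int) else -1  # a numeric run sorts newer than letters
        return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments sorts newer

def compare_vr(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def audit(rpm_query_output):
    """Return {package: 'fixed' | 'needs update'} for advisory packages in the input."""
    status = {}
    for line in rpm_query_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in FIXED:
            name, vr = fields
            status[name] = "fixed" if compare_vr(vr, FIXED[name]) >= 0 else "needs update"
    return status

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
freetype2 2.1.10-18.29.17
freetype2-devel 2.1.10-18.22.1
freetype2-32bit 2.1.10-18.9.2
ft2demos 2.1.10-19.29.7
bash 3.1-24.26.20
"""
```

  The constructed release 18.9.2 shows why a plain string comparison is not enough: as text "9" sorts after "29", but rpm treats the segments as numbers, so that package is older than 18.29.17.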


References:

  http://support.novell.com/security/cve/CVE-2012-1126.html
  http://support.novell.com/security/cve/CVE-2012-1127.html
  http://support.novell.com/security/cve/CVE-2012-1129.html
  http://support.novell.com/security/cve/CVE-2012-1130.html
  http://support.novell.com/security/cve/CVE-2012-1131.html
  http://support.novell.com/security/cve/CVE-2012-1132.html
  http://support.novell.com/security/cve/CVE-2012-1133.html
  http://support.novell.com/security/cve/CVE-2012-1134.html
  http://support.novell.com/security/cve/CVE-2012-1135.html
  http://support.novell.com/security/cve/CVE-2012-1136.html
  http://support.novell.com/security/cve/CVE-2012-1137.html
  http://support.novell.com/security/cve/CVE-2012-1138.html
  http://support.novell.com/security/cve/CVE-2012-1139.html
  http://support.novell.com/security/cve/CVE-2012-1141.html
  http://support.novell.com/security/cve/CVE-2012-1142.html
  http://support.novell.com/security/cve/CVE-2012-1143.html
  https://bugzilla.novell.com/750937
  https://bugzilla.novell.com/750938
  https://bugzilla.novell.com/750939
  https://bugzilla.novell.com/750940
  https://bugzilla.novell.com/750941
  https://bugzilla.novell.com/750943
  https://bugzilla.novell.com/750945
  https://bugzilla.novell.com/750946
  https://bugzilla.novell.com/750947
  https://bugzilla.novell.com/750948
  https://bugzilla.novell.com/750949
  https://bugzilla.novell.com/750950
  https://bugzilla.novell.com/750951
  https://bugzilla.novell.com/750952
  https://bugzilla.novell.com/750953
  https://bugzilla.novell.com/750955
  http://download.novell.com/patch/finder/?keywords=79a084c6d12b368701383076dee3e174