freetype security update
FTP access is not possible with a web browser.
Document number: 1246385075
Updated: 2009.07.01
Details
update 2.1.9-10
. CVE-2006-1861
Chris Evans discovered multiple integer overflow flaws in the FreeType font
engine. If a user loaded a carefully-crafted font file with an application
linked against FreeType, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application.
. CVE-2007-2754
An integer overflow flaw was found in the way the FreeType font engine
processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application.
. CVE-2008-1808
A flaw was discovered in the FreeType TTF font-file format parser when the
TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user
loaded a carefully-crafted font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
. CVE-2009-0946
Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
Autoupdates support: supported
pkgsysupdate
Update packages
RPMS :
. freetype-2.1.9-10.i686.rpm
. freetype-devel-2.1.9-10.i686.rpm
. freetype-utils-2.1.9-10.i686.rpm
SRPMS :
. freetype-2.1.9-10.src.rpm
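One way to check whether a host still carries a freetype build older than the fixed 2.1.9-10 listed above. This is an added example, not part of the original advisory: it assumes the input comes from `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' freetype freetype-devel freetype-utils`, the function names and sample lines are constructed for illustration, and the comparison is a simplified form of rpm's version ordering that ignores epochs and the `~`/`^` modifiers.

```python
import re

FIXED = ("2.1.9", "10")  # version and release of the update in this advisory
PACKAGES = ("freetype", "freetype-devel", "freetype-utils")

def _segments(s):
    # rpm compares alternating runs of digits and letters; separators are skipped
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm-style comparison: -1 if a is older, 0 if equal, 1 if newer."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(version, release, fixed=FIXED):
    c = rpmvercmp(version, fixed[0])
    if c == 0:
        c = rpmvercmp(release, fixed[1])
    return c < 0

def audit(query_output):
    """Map each freetype package found in the query output to True if it is outdated."""
    findings = {}
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in PACKAGES:
            continue  # skip unrelated packages and "not installed" messages
        name, version, release = parts
        findings[name] = needs_update(version, release)
    return findings

# Constructed sample output, not taken from a real host
SAMPLE = """\
freetype 2.1.9 8
freetype-devel 2.1.9 10
freetype-utils 2.1.10 1
fontconfig 2.2.3 7
"""

if __name__ == "__main__":
    for pkg, outdated in audit(SAMPLE).items():
        print(pkg, "NEEDS UPDATE" if outdated else "ok")
```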
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946