Rapid7 VulnDB

RHSA-2008:0556: freetype security update

Back to Search

RHSA-2008:0556: freetype security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
06/16/2008
Created
07/25/2018
Added
07/08/2008
Modified
07/04/2017

Description

Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 25th June 2008] The original packages for Red Hat Enterprise Linux 3 and 4 distributed with this errata had a bug which prevented freetype library from loading certain font files correctly. We have updated the packages to correct this bug.

FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, did not affect the freetype packages as shipped in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF Byte Code Interpreter (BCI) support. Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues.

Solution(s)

  • redhat-upgrade-freetype
  • redhat-upgrade-freetype-demos
  • redhat-upgrade-freetype-devel

References

  • redhat-upgrade-freetype
  • redhat-upgrade-freetype-demos
  • redhat-upgrade-freetype-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;