-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-17728 2010-11-15 21:21:42 --------------------------------------------------------------------------------

Name : freetype Product : Fedora 13 Version : 2.3.11 Release : 7.fc13 URL : http://www.freetype.org Summary : A free and portable font rendering engine Description : The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.

-------------------------------------------------------------------------------- ChangeLog:

* Mon Nov 15 2010 Marek Kasik mkasik@redhat.com 2.3.11-7 - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid `runcnt' values.) - Resolves: #651764 * Mon Oct 4 2010 Marek Kasik mkasik@redhat.com 2.3.11-6 - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.) - Resolves: #638522 * Mon Oct 4 2010 Marek Kasik mkasik@redhat.com 2.3.11-5 - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.) - Resolves: #621627 * Fri Oct 1 2010 Marek Kasik mkasik@redhat.com 2.3.11-4 - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points') - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments) - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height') - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header) - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check) - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows) - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes) - Resolves: #613299 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #645275 - CVE-2010-3855 Freetype : Heap based buffer overflow in ft_var_readpackedpoints() https://bugzilla.redhat.com/show_bug.cgi?id=645275 --------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update freetype' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------