GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Apr 17, 2012 11:26 pm Post subject: [ GLSA 201204-04 ] FreeType: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: FreeType: Multiple vulnerabilities (GLSA 201204-04)
Severity: normal
Exploitable: remote
Date: April 17, 2012
Bug(s): #407257
ID: 201204-04
Synopsis
Multiple vulnerabilities have been found in FreeType, allowing
remote attackers to possibly execute arbitrary code or cause Denial of
Service.
Background
FreeType is a high-quality and portable font engine.
Affected Packages
Package: media-libs/freetype
Vulnerable: < 2.4.9
Unaffected: >= 2.4.9
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in FreeType. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted font,
possibly resulting in execution of arbitrary code with the privileges of
the user running the application, or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All FreeType users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.9"
|
References
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144 |
|
News & Announcements
