From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1784-1                    [email protected]
http://www.debian.org/security/                                 Nico Golde
April 30th, 2009                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : freetype
Vulnerability : integer overflows
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2009-0946

Tavis Ormandy discovered several integer overflows in FreeType, a library
to process and access font files, resulting in heap- or stack-based
buffer overflows leading to application crashes or the execution
of arbitrary code via a crafted font file.

For the oldstable distribution (etch), this problem has been fixed in
version 2.2.1-5+etch4.

For the stable distribution (lenny), this problem has been fixed in
version 2.3.7-2+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.9-4.1.

We recommend that you upgrade your freetype packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]