Security Advisory Important: freetype security update

Advisory: RHSA-2009:0329-1
Type: Security Advisory
Severity: Important
Issued on: 2009-05-22
Last updated on: 2009-05-22
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20090329.xml
CVEs (cve.mitre.org): CVE-2006-1861
CVE-2007-2754
CVE-2008-1808
CVE-2009-0946

Details

Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide both the FreeType 1 and FreeType 2
font engines.

Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)

Chris Evans discovered multiple integer overflow flaws in the FreeType font
engine. If a user loaded a carefully-crafted font file with an application
linked against FreeType, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2006-1861)

An integer overflow flaw was found in the way the FreeType font engine
processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2007-2754)

A flaw was discovered in the FreeType TTF font-file format parser when the
TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user
loaded a carefully-crafted font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2008-1808)

The CVE-2008-1808 flaw did not affect the freetype packages as distributed
in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType
BCI support. A fix for this flaw has been included in this update as users
may choose to recompile the freetype packages in order to enable TrueType
BCI support. Red Hat does not, however, provide support for modified and
recompiled packages.

Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,
and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,
and RHSA-2008:0556 respectively. This update provides corresponding
updates for the FreeType 1 font engine, included in the freetype packages
distributed in Red Hat Enterprise Linux 3 and 4.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
freetype-2.1.4-12.el3.src.rpm     0ad92ae4d0505b13d30e8092dff597fa
 
IA-32:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-devel-2.1.4-12.el3.i386.rpm     215e1477add917ff7f6c66edbdb10c27
 
x86_64:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-2.1.4-12.el3.x86_64.rpm     cbc637276c6a75a2b0388ea59a8991a5
freetype-devel-2.1.4-12.el3.x86_64.rpm     0cc6715a4ab08151ef7e18010d2aa610
 
Red Hat Desktop (v. 4)
SRPMS:
freetype-2.1.9-10.el4.7.src.rpm     cf698570314f6c275f59dbfb42c827c4
 
IA-32:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-demos-2.1.9-10.el4.7.i386.rpm     f49673bf273dd0d0dcd6093943247300
freetype-devel-2.1.9-10.el4.7.i386.rpm     00a98937d7238adc082072cff5faa187
freetype-utils-2.1.9-10.el4.7.i386.rpm     743c665fd58d7d22e8932a3076ec3e5b
 
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.x86_64.rpm     277331f895ae105e7e14dd93a4f0d3d5
freetype-demos-2.1.9-10.el4.7.x86_64.rpm     b91c4d9eae0d3aec49bbd1f2428a5eb9
freetype-devel-2.1.9-10.el4.7.x86_64.rpm     68e8e13a51ca09e7f791854f0bd3b2d2
freetype-utils-2.1.9-10.el4.7.x86_64.rpm     f1869787e6d5ba44948646ce7e75f13f
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
freetype-2.1.4-12.el3.src.rpm     0ad92ae4d0505b13d30e8092dff597fa
 
IA-32:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-devel-2.1.4-12.el3.i386.rpm     215e1477add917ff7f6c66edbdb10c27
 
IA-64:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-2.1.4-12.el3.ia64.rpm     3c75b1c94299a7c25bfc48ae3bf2de1e
freetype-devel-2.1.4-12.el3.ia64.rpm     436b8d02afe9b68e8ca03c9ffd21fc7c
 
PPC:
freetype-2.1.4-12.el3.ppc.rpm     abc796c22b0f705319dcd8270912cc40
freetype-2.1.4-12.el3.ppc64.rpm     5a4d2572ebc127405193721bcd1895b2
freetype-devel-2.1.4-12.el3.ppc.rpm     9dacf00a55ec941d4a35e73e719a70a2
 
s390:
freetype-2.1.4-12.el3.s390.rpm     ad9d40c42cb83ec4180c1ca20fbf51af
freetype-devel-2.1.4-12.el3.s390.rpm     dca00e55953c62bfdf81b95441660488
 
s390x:
freetype-2.1.4-12.el3.s390.rpm     ad9d40c42cb83ec4180c1ca20fbf51af
freetype-2.1.4-12.el3.s390x.rpm     58332ba19495bb24f23fa6dccd253fff
freetype-devel-2.1.4-12.el3.s390x.rpm     85265dffd2aff844dbc4e616e96ee74b
 
x86_64:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-2.1.4-12.el3.x86_64.rpm     cbc637276c6a75a2b0388ea59a8991a5
freetype-devel-2.1.4-12.el3.x86_64.rpm     0cc6715a4ab08151ef7e18010d2aa610
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
freetype-2.1.9-10.el4.7.src.rpm     cf698570314f6c275f59dbfb42c827c4
 
IA-32:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-demos-2.1.9-10.el4.7.i386.rpm     f49673bf273dd0d0dcd6093943247300
freetype-devel-2.1.9-10.el4.7.i386.rpm     00a98937d7238adc082072cff5faa187
freetype-utils-2.1.9-10.el4.7.i386.rpm     743c665fd58d7d22e8932a3076ec3e5b
 
IA-64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.ia64.rpm     3a7b4cedad823a7a2a869231df35755c
freetype-demos-2.1.9-10.el4.7.ia64.rpm     b2630495aa76ebcac908907f358c0a6e
freetype-devel-2.1.9-10.el4.7.ia64.rpm     d794a92f1d7dac36025ee6ccadd6fc87
freetype-utils-2.1.9-10.el4.7.ia64.rpm     043f4d857c590aa17081eabc416b89ce
 
PPC:
freetype-2.1.9-10.el4.7.ppc.rpm     2a9bbfc4b611db19f3596922cc9f2729
freetype-2.1.9-10.el4.7.ppc64.rpm     a2a8c83c2dac96fea7ee0393da9d1b6f
freetype-demos-2.1.9-10.el4.7.ppc.rpm     0b891c68816067d258542a560cd214dc
freetype-devel-2.1.9-10.el4.7.ppc.rpm     686e2f54c281c48f220fef6f973509a8
freetype-utils-2.1.9-10.el4.7.ppc.rpm     9e4396077442035aee6a0babedb3a7a4
 
s390:
freetype-2.1.9-10.el4.7.s390.rpm     0bf768f32b6b378e4e588432c208fadc
freetype-demos-2.1.9-10.el4.7.s390.rpm     6d4f0b10eb164a704792f16d8e139c69
freetype-devel-2.1.9-10.el4.7.s390.rpm     cae3223db233cfd48d2ef20eef2acdcb
freetype-utils-2.1.9-10.el4.7.s390.rpm     b7fa550afac87f28ff281913066d2503
 
s390x:
freetype-2.1.9-10.el4.7.s390.rpm     0bf768f32b6b378e4e588432c208fadc
freetype-2.1.9-10.el4.7.s390x.rpm     12444443b8cb29eff2c13e9575f7c4df
freetype-demos-2.1.9-10.el4.7.s390x.rpm     a455a226c97f3035ce4b254548464a7e
freetype-devel-2.1.9-10.el4.7.s390x.rpm     18a77d6a1bb76b6c2b9e4601f1a52ffb
freetype-utils-2.1.9-10.el4.7.s390x.rpm     dff8b32423b4ea81c3421ecc481e3471
 
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.x86_64.rpm     277331f895ae105e7e14dd93a4f0d3d5
freetype-demos-2.1.9-10.el4.7.x86_64.rpm     b91c4d9eae0d3aec49bbd1f2428a5eb9
freetype-devel-2.1.9-10.el4.7.x86_64.rpm     68e8e13a51ca09e7f791854f0bd3b2d2
freetype-utils-2.1.9-10.el4.7.x86_64.rpm     f1869787e6d5ba44948646ce7e75f13f
 
Red Hat Enterprise Linux AS (v. 4.8.z)
SRPMS:
freetype-2.1.9-10.el4.7.src.rpm     cf698570314f6c275f59dbfb42c827c4
 
IA-32:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-demos-2.1.9-10.el4.7.i386.rpm     f49673bf273dd0d0dcd6093943247300
freetype-devel-2.1.9-10.el4.7.i386.rpm     00a98937d7238adc082072cff5faa187
freetype-utils-2.1.9-10.el4.7.i386.rpm     743c665fd58d7d22e8932a3076ec3e5b
 
IA-64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.ia64.rpm     3a7b4cedad823a7a2a869231df35755c
freetype-demos-2.1.9-10.el4.7.ia64.rpm     b2630495aa76ebcac908907f358c0a6e
freetype-devel-2.1.9-10.el4.7.ia64.rpm     d794a92f1d7dac36025ee6ccadd6fc87
freetype-utils-2.1.9-10.el4.7.ia64.rpm     043f4d857c590aa17081eabc416b89ce
 
PPC:
freetype-2.1.9-10.el4.7.ppc.rpm     2a9bbfc4b611db19f3596922cc9f2729
freetype-2.1.9-10.el4.7.ppc64.rpm     a2a8c83c2dac96fea7ee0393da9d1b6f
freetype-demos-2.1.9-10.el4.7.ppc.rpm     0b891c68816067d258542a560cd214dc
freetype-devel-2.1.9-10.el4.7.ppc.rpm     686e2f54c281c48f220fef6f973509a8
freetype-utils-2.1.9-10.el4.7.ppc.rpm     9e4396077442035aee6a0babedb3a7a4
 
s390:
freetype-2.1.9-10.el4.7.s390.rpm     0bf768f32b6b378e4e588432c208fadc
freetype-demos-2.1.9-10.el4.7.s390.rpm     6d4f0b10eb164a704792f16d8e139c69
freetype-devel-2.1.9-10.el4.7.s390.rpm     cae3223db233cfd48d2ef20eef2acdcb
freetype-utils-2.1.9-10.el4.7.s390.rpm     b7fa550afac87f28ff281913066d2503
 
s390x:
freetype-2.1.9-10.el4.7.s390.rpm     0bf768f32b6b378e4e588432c208fadc
freetype-2.1.9-10.el4.7.s390x.rpm     12444443b8cb29eff2c13e9575f7c4df
freetype-demos-2.1.9-10.el4.7.s390x.rpm     a455a226c97f3035ce4b254548464a7e
freetype-devel-2.1.9-10.el4.7.s390x.rpm     18a77d6a1bb76b6c2b9e4601f1a52ffb
freetype-utils-2.1.9-10.el4.7.s390x.rpm     dff8b32423b4ea81c3421ecc481e3471
 
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.x86_64.rpm     277331f895ae105e7e14dd93a4f0d3d5
freetype-demos-2.1.9-10.el4.7.x86_64.rpm     b91c4d9eae0d3aec49bbd1f2428a5eb9
freetype-devel-2.1.9-10.el4.7.x86_64.rpm     68e8e13a51ca09e7f791854f0bd3b2d2
freetype-utils-2.1.9-10.el4.7.x86_64.rpm     f1869787e6d5ba44948646ce7e75f13f
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
freetype-2.1.4-12.el3.src.rpm     0ad92ae4d0505b13d30e8092dff597fa
 
IA-32:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-devel-2.1.4-12.el3.i386.rpm     215e1477add917ff7f6c66edbdb10c27
 
IA-64:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-2.1.4-12.el3.ia64.rpm     3c75b1c94299a7c25bfc48ae3bf2de1e
freetype-devel-2.1.4-12.el3.ia64.rpm     436b8d02afe9b68e8ca03c9ffd21fc7c
 
x86_64:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-2.1.4-12.el3.x86_64.rpm     cbc637276c6a75a2b0388ea59a8991a5
freetype-devel-2.1.4-12.el3.x86_64.rpm     0cc6715a4ab08151ef7e18010d2aa610
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
freetype-2.1.9-10.el4.7.src.rpm     cf698570314f6c275f59dbfb42c827c4
 
IA-32:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-demos-2.1.9-10.el4.7.i386.rpm     f49673bf273dd0d0dcd6093943247300
freetype-devel-2.1.9-10.el4.7.i386.rpm     00a98937d7238adc082072cff5faa187
freetype-utils-2.1.9-10.el4.7.i386.rpm     743c665fd58d7d22e8932a3076ec3e5b
 
IA-64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.ia64.rpm     3a7b4cedad823a7a2a869231df35755c
freetype-demos-2.1.9-10.el4.7.ia64.rpm     b2630495aa76ebcac908907f358c0a6e
freetype-devel-2.1.9-10.el4.7.ia64.rpm     d794a92f1d7dac36025ee6ccadd6fc87
freetype-utils-2.1.9-10.el4.7.ia64.rpm     043f4d857c590aa17081eabc416b89ce
 
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.x86_64.rpm     277331f895ae105e7e14dd93a4f0d3d5
freetype-demos-2.1.9-10.el4.7.x86_64.rpm     b91c4d9eae0d3aec49bbd1f2428a5eb9
freetype-devel-2.1.9-10.el4.7.x86_64.rpm     68e8e13a51ca09e7f791854f0bd3b2d2
freetype-utils-2.1.9-10.el4.7.x86_64.rpm     f1869787e6d5ba44948646ce7e75f13f
 
Red Hat Enterprise Linux ES (v. 4.8.z)
SRPMS:
freetype-2.1.9-10.el4.7.src.rpm     cf698570314f6c275f59dbfb42c827c4
 
IA-32:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-demos-2.1.9-10.el4.7.i386.rpm     f49673bf273dd0d0dcd6093943247300
freetype-devel-2.1.9-10.el4.7.i386.rpm     00a98937d7238adc082072cff5faa187
freetype-utils-2.1.9-10.el4.7.i386.rpm     743c665fd58d7d22e8932a3076ec3e5b
 
IA-64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.ia64.rpm     3a7b4cedad823a7a2a869231df35755c
freetype-demos-2.1.9-10.el4.7.ia64.rpm     b2630495aa76ebcac908907f358c0a6e
freetype-devel-2.1.9-10.el4.7.ia64.rpm     d794a92f1d7dac36025ee6ccadd6fc87
freetype-utils-2.1.9-10.el4.7.ia64.rpm     043f4d857c590aa17081eabc416b89ce
 
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.x86_64.rpm     277331f895ae105e7e14dd93a4f0d3d5
freetype-demos-2.1.9-10.el4.7.x86_64.rpm     b91c4d9eae0d3aec49bbd1f2428a5eb9
freetype-devel-2.1.9-10.el4.7.x86_64.rpm     68e8e13a51ca09e7f791854f0bd3b2d2
freetype-utils-2.1.9-10.el4.7.x86_64.rpm     f1869787e6d5ba44948646ce7e75f13f
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
freetype-2.1.4-12.el3.src.rpm     0ad92ae4d0505b13d30e8092dff597fa
 
IA-32:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-devel-2.1.4-12.el3.i386.rpm     215e1477add917ff7f6c66edbdb10c27
 
IA-64:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-2.1.4-12.el3.ia64.rpm     3c75b1c94299a7c25bfc48ae3bf2de1e
freetype-devel-2.1.4-12.el3.ia64.rpm     436b8d02afe9b68e8ca03c9ffd21fc7c
 
x86_64:
freetype-2.1.4-12.el3.i386.rpm     5d47ec9a2261f1038d943e8deae49d2b
freetype-2.1.4-12.el3.x86_64.rpm     cbc637276c6a75a2b0388ea59a8991a5
freetype-devel-2.1.4-12.el3.x86_64.rpm     0cc6715a4ab08151ef7e18010d2aa610
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
freetype-2.1.9-10.el4.7.src.rpm     cf698570314f6c275f59dbfb42c827c4
 
IA-32:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-demos-2.1.9-10.el4.7.i386.rpm     f49673bf273dd0d0dcd6093943247300
freetype-devel-2.1.9-10.el4.7.i386.rpm     00a98937d7238adc082072cff5faa187
freetype-utils-2.1.9-10.el4.7.i386.rpm     743c665fd58d7d22e8932a3076ec3e5b
 
IA-64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.ia64.rpm     3a7b4cedad823a7a2a869231df35755c
freetype-demos-2.1.9-10.el4.7.ia64.rpm     b2630495aa76ebcac908907f358c0a6e
freetype-devel-2.1.9-10.el4.7.ia64.rpm     d794a92f1d7dac36025ee6ccadd6fc87
freetype-utils-2.1.9-10.el4.7.ia64.rpm     043f4d857c590aa17081eabc416b89ce
 
x86_64:
freetype-2.1.9-10.el4.7.i386.rpm     8feeaa0d31aadb63cf232373aaaf6176
freetype-2.1.9-10.el4.7.x86_64.rpm     277331f895ae105e7e14dd93a4f0d3d5
freetype-demos-2.1.9-10.el4.7.x86_64.rpm     b91c4d9eae0d3aec49bbd1f2428a5eb9
freetype-devel-2.1.9-10.el4.7.x86_64.rpm     68e8e13a51ca09e7f791854f0bd3b2d2
freetype-utils-2.1.9-10.el4.7.x86_64.rpm     f1869787e6d5ba44948646ce7e75f13f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

240200 - CVE-2007-2754 freetype integer overflow
450774 - CVE-2008-1808 FreeType off-by-one flaws
484437 - CVE-2006-1861 freetype: multiple integer overflow vulnerabilities
491384 - CVE-2009-0946 freetype: multiple integer overflows


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/support/policy/soc/production/

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/