Security Advisory Moderate: freetype security update

Advisory: RHSA-2011:1161-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-08-15
Last updated on: 2011-08-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-2895

Details

Updated freetype packages that fix one security issue are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide both the FreeType 1 and FreeType 2 font
engines.

A buffer overflow flaw was found in the way the FreeType library handled
malformed font files compressed using UNIX compress. If a user loaded a
specially-crafted compressed font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2011-2895)

Note: This issue only affects the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
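
To confirm the update landed on every installed architecture, the check below compares installed freetype builds against the fixed build named in this advisory (2.1.9-19.el4). It is an added example, not part of the Red Hat advisory; the sample query output is constructed, the version comparison is a simplified form of RPM's algorithm, and epochs are assumed absent.

```python
import re

# Fixed build taken from the package names in this advisory: freetype-2.1.9-19.el4
FIXED_VERSION, FIXED_RELEASE = "2.1.9", "19.el4"
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments win

def is_fixed(version, release):
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def audit(query_output):
    """Parse 'NAME VERSION RELEASE ARCH' lines; return (arch, build, fixed?) tuples."""
    results = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "freetype":
            continue                           # skips e.g. "package ... is not installed"
        _, version, release, arch = parts
        results.append((arch, f"{version}-{release}", is_fixed(version, release)))
    return results

# Constructed sample of:
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' freetype
# on a multilib x86_64 host where only the 64-bit package was updated.
SAMPLE = """\
freetype 2.1.9 19.el4 x86_64
freetype 2.1.9 17.el4.8 i386
"""

if __name__ == "__main__":
    for arch, build, fixed in audit(SAMPLE):
        print(f"{arch:8} {build:16} {'fixed' if fixed else 'VULNERABLE to CVE-2011-2895'}")
```

On x86_64 and the other multilib architectures listed below, both the 32-bit and 64-bit freetype packages can be installed, so every line of the query output has to pass.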

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
freetype-2.1.9-19.el4.src.rpm
File outdated by: RHSA-2011:1455

IA-32:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455

x86_64:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
freetype-2.1.9-19.el4.src.rpm
File outdated by: RHSA-2011:1455

IA-32:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455

IA-64:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455

PPC:
freetype-2.1.9-19.el4.ppc.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.ppc64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.ppc.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.ppc.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.ppc.rpm
File outdated by: RHSA-2011:1455

s390:
freetype-2.1.9-19.el4.s390.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.s390.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.s390.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.s390.rpm
File outdated by: RHSA-2011:1455

s390x:
freetype-2.1.9-19.el4.s390.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.s390x.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.s390x.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.s390x.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.s390x.rpm
File outdated by: RHSA-2011:1455

x86_64:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
freetype-2.1.9-19.el4.src.rpm
File outdated by: RHSA-2011:1455

IA-32:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455

IA-64:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455

x86_64:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
freetype-2.1.9-19.el4.src.rpm
File outdated by: RHSA-2011:1455

IA-32:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455

IA-64:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.ia64.rpm
File outdated by: RHSA-2011:1455

x86_64:
freetype-2.1.9-19.el4.i386.rpm
File outdated by: RHSA-2011:1455
freetype-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-demos-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-devel-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
freetype-utils-2.1.9-19.el4.x86_64.rpm
File outdated by: RHSA-2011:1455
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

727624 - CVE-2011-2895 BSD compress LZW decoder buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/