[USN-643-1] FreeType vulnerabilities

Kees Cook kees at ubuntu.com
Thu Sep 11 22:27:09 UTC 2008


=========================================================== 
Ubuntu Security Notice USN-643-1         September 11, 2008
freetype vulnerabilities
CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libfreetype6                    2.1.10-1ubuntu2.5

Ubuntu 7.04:
  libfreetype6                    2.2.1-5ubuntu1.2

Ubuntu 7.10:
  libfreetype6                    2.3.5-1ubuntu4.7.10.1

Ubuntu 8.04 LTS:
  libfreetype6                    2.3.5-1ubuntu4.8.04.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Multiple flaws were discovered in the PFB and TTF font handling code
in freetype.  If a user were tricked into using a specially crafted
font file, a remote attacker could execute arbitrary code with user
privileges or cause the application linked against freetype to crash,
leading to a denial of service.


