[El-errata] ELSA-2010-0578 Important: Enterprise Linux 4 freetype security update

Errata Announcements for Enterprise Linux el-errata at oss.oracle.com
Fri Jul 30 16:21:07 PDT 2010


Enterprise Linux Security Advisory ELSA-2010-0578

https://rhn.redhat.com/errata/RHSA-2010-0578.html

The following updated rpms for Enterprise Linux 4 have been uploaded to 
the Unbreakable Linux Network:

i386:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-demos-2.1.9-14.el4.8.i386.rpm
freetype-devel-2.1.9-14.el4.8.i386.rpm
freetype-utils-2.1.9-14.el4.8.i386.rpm

x86_64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.x86_64.rpm
freetype-demos-2.1.9-14.el4.8.x86_64.rpm
freetype-devel-2.1.9-14.el4.8.x86_64.rpm
freetype-utils-2.1.9-14.el4.8.x86_64.rpm

ia64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.ia64.rpm
freetype-demos-2.1.9-14.el4.8.ia64.rpm
freetype-devel-2.1.9-14.el4.8.ia64.rpm
freetype-utils-2.1.9-14.el4.8.ia64.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/freetype-2.1.9-14.el4.8.src.rpm


Description of changes:

[2.1.9-14.el4.8]
- Add freetype-2.1.9-axis-name-overflow.patch
    (Avoid overflow when dealing with names of axes)
- Resolves: #614010

[2.1.9-13.el4.8]
- Modify freetype-2.1.9-CVE-2010-2519.patch (additional fix)
    (If the type of the POST fragment is 0, the segment is completely 
ignored)
- Resolves: #614010

[2.1.9-12.el4.8]
- Add freetype-2.1.9-CVE-2010-2527.patch
    (Use precision for `%s' where appropriate to avoid buffer overflows)
- Resolves: #614010

[2.1.9-11.el4.8]
- Add freetype-2.1.9-CVE-2010-2498.patch
    (Assure that `end_point' is not larger than `glyph->num_points')
- Add freetype-2.1.9-CVE-2010-2499.patch
    (Check the buffer size during gathering PFB fragments)
- Add freetype-2.1.9-CVE-2010-2500.patch
    (Use smaller threshold values for `width' and `height')
- Add freetype-2.1.9-CVE-2010-2519.patch
    (Check `rlen' the length of fragment declared in the POST fragment 
header)
- Resolves: #614010





More information about the El-errata mailing list