[Oraclevm-errata] OVMSA-2009-0012 Important: Oracle VM 2.1 freetype security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed May 27 11:42:05 PDT 2009
Oracle VM Security Advisory OVMSA-2009-0012
The following updated rpms for Oracle VM 2.1 have been uploaded to the
Unbreakable Linux Network:
i386:
freetype-2.2.1-21.el5_3.i386.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/freetype-2.2.1-21.el5_3.src.rpm
Description of changes:
Following security fixes is released in this errata:
CVE-2009-0946 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946>
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
attackers to execute arbitrary code via vectors related to large values
in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3)
cff/cffload.c.
CVE-2008-1806 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806>
Integer overflow in FreeType2 before 2.3.6 allows context-dependent
attackers to execute arbitrary code via a crafted set of 16-bit length
values within the Private dictionary table in a Printer Font Binary
(PFB) file, which triggers a heap-based buffer overflow.
CVE-2008-1807 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807>
FreeType2 before 2.3.6 allow context-dependent attackers to execute
arbitrary code via an invalid "number of axes" field in a Printer Font
Binary (PFB) file, which triggers a free of arbitrary memory locations,
leading to memory corruption.
CVE-2008-1808 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808>
Multiple off-by-one errors in FreeType2 before 2.3.6 allow
context-dependent attackers to execute arbitrary code via (1) a crafted
table in a Printer Font Binary (PFB) file or (2) a crafted SHC
instruction in a TrueType Font (TTF) file, which triggers a heap-based
buffer overflow.
[2.2.1-21]
- Add freetype-2009-CVEs.patch
- Resolves: #496111
[2.2.1-20]
- Add freetype-2.3.5-CVEs.patch
- Resolves: #450910
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090527/3d157436/attachment.html
More information about the Oraclevm-errata
mailing list