Bug 225851 - media-libs/freetype < 2.3.6 multiple vulnerabilities (CVE-2008-{1806,1807,1808})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A2 [glsa errata]
Keywords:
Duplicates: 233962 235412
Depends on:
Blocks:
 
Reported: 2008-06-11 09:18 UTC by Matthias Geerdsen (RETIRED)
Modified: 2008-09-06 20:36 UTC (History)
CC List: 8 users

See Also:
Package list:
Runtime testing required: ---


Attachments
freetype 2.3.6 build log (build.log, 95.64 KB, text/plain)
2008-06-15 13:20 UTC, Renato Alves

Description Matthias Geerdsen (RETIRED) gentoo-dev 2008-06-11 09:18:41 UTC
Multiple vulnerabilities have been found in freetype2

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717

idefense reports the following in all three advisories:
<quote>
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the application using the library. Since FreeType2 is a library and not a standalone application, the exploitation vector will vary. iDefense Labs verified that local privilege escalation was possible via the X.Org Xserver.</quote>
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-06-11 09:19:33 UTC
fonts herd, please provide an updated ebuild
Comment 2 Peter Alfredsen (RETIRED) gentoo-dev 2008-06-11 09:42:53 UTC
(In reply to comment #1)
> fonts herd, please provide an updated ebuild

Please check your local portage rsync mirror.
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2008-06-11 09:45:08 UTC
sorry, loki_val pointed out that it was already in the tree

arches, please test media-libs/freetype-2.3.6 and mark stable if possible

target KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2008-06-11 14:05:31 UTC
x86 stable
Comment 5 Friedrich Oslage (RETIRED) gentoo-dev 2008-06-11 16:27:54 UTC
sparc stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-06-11 18:41:50 UTC
alpha/ia64 stable
Comment 7 Steve Dibb (RETIRED) gentoo-dev 2008-06-11 20:13:43 UTC
amd64 stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2008-06-11 21:08:58 UTC
ppc64 done
Comment 9 Ryan Hill (RETIRED) gentoo-dev 2008-06-12 00:54:27 UTC
it should be okay to remove 2.1.10-r3 now.  i kept it in the tree because some people were getting crashes with newer versions, but we fixed that with some eclass changes a while back.
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2008-06-12 03:27:02 UTC
Stable for HPPA.
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2008-06-13 15:15:35 UTC
ppc stable
Comment 12 Renato Alves 2008-06-15 13:20:39 UTC
Created attachment 156889 [details]
freetype 2.3.6 build log

emerge failed for me -> x86

build log attached

Portage 2.1.4.4 (default-linux/x86/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r8 i686)
=================================================================
System uname: 2.6.24-gentoo-r8 i686 Intel(R) Pentium(R) M processor 2.00GHz
Timestamp of tree: Sun, 15 Jun 2008 12:30:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r13
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.12
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium-m -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=pentium-m -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://darkstar.ist.utl.pt/gentoo/ http://ftp.dei.uc.pt/pub/linux/gentoo/ http://cesium.di.uminho.pt/pub/gentoo/"
LANG="en_US.UTF-8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/science /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X alsa bzip2 cli cracklib crypt cups dri firefox fortran gdbm gif gpm iconv ipv6 isdnlog jpeg midi mudflap ncurses nptl nptlonly opengl openmp pcre perl png pppd python readline reflection sdl session spl sse sse2 ssl tcpd tiff truetype unicode x86 xorg zlib" ALSA_CARDS="intel8x0 intel8x0m" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev fglrx vesa vga radeon"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 13 Ryan Hill (RETIRED) gentoo-dev 2008-06-16 04:45:04 UTC
try rebuilding libtool.
Comment 14 Peter Volkov (RETIRED) gentoo-dev 2008-06-16 16:40:23 UTC
Fixed in release snapshot.
Comment 15 Renato Alves 2008-06-19 21:24:57 UTC
(In reply to comment #13)
> try rebuilding libtool.
> 

Still doesn't build. The error is the same
revdep-rebuild finds nothing...
sync as of Thu Jun 19 21:20:34 UTC 2008
Comment 16 Renato Alves 2008-06-19 21:56:24 UTC
(In reply to comment #15)
> (In reply to comment #13)
> > try rebuilding libtool.
> > 
> 
> Still doesn't build. The error is the same
> revdep-rebuild finds nothing...
> sync as of Thu Jun 19 21:20:34 UTC 2008
> 

Never mind... ccache was the culprit. Cleaning ccache solved the problem.
Comment 17 Robert Buchholz (RETIRED) gentoo-dev 2008-06-24 00:03:18 UTC
GLSA 200806-10
Comment 18 Steve Schmechel 2008-07-05 15:31:59 UTC
(In reply to comment #17)
> GLSA 200806-10
> 

All the CVEs state that FreeType2 has vulnerabilities.
The GLSA's scope is applied to the 1.X series also. Is this correct?

TexLive has dependencies on =media-libs/freetype-1* 
I don't think this will be easy to change any time soon.

Is there really a problem with the 1.x code?
If there is, could a backported FreeType-1.x fix be made available?
Comment 19 Ryan Hill (RETIRED) gentoo-dev 2008-07-05 22:30:23 UTC
The CVEs specifically say FreeType2, so I don't believe 1.* is affected. However, I don't speak for the security team.
Comment 20 Robert Buchholz (RETIRED) gentoo-dev 2008-07-06 22:03:27 UTC
Are we still maintaining those? Whoops, this bug needs to be reopened then.

Analysis by our friends at RedHat yielded that 1.X is also affected, see this for a patch:
http://cvs.fedoraproject.org/viewcvs/devel/freetype1/freetype-1.4pre-CVE-2008-1808.patch?rev=1.1&view=auto

Comment 21 Peter Alfredsen (RETIRED) gentoo-dev 2008-07-06 22:39:38 UTC
+*freetype-1.4_pre20080316-r1 (06 Jul 2008)
+
+  06 Jul 2008; Peter Alfredsen <loki_val@gentoo.org>
+  +files/freetype-1.4_pre20080316-CVE-2008-1808.patch,
+  +freetype-1.4_pre20080316-r1.ebuild:
+  Revbump for CVE-2008-{1806,1807,1808}, bug #225851.
+
Comment 22 Robert Buchholz (RETIRED) gentoo-dev 2008-07-06 23:50:44 UTC
Arches, please test and mark stable:
=media-libs/freetype-1.4_pre20080316-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 23 Brent Baude (RETIRED) gentoo-dev 2008-07-07 02:41:09 UTC
ppc and ppc64 -r1 done now.
Comment 24 Brent Baude (RETIRED) gentoo-dev 2008-07-07 03:01:05 UTC
removing arches
Comment 25 Ferris McCormick (RETIRED) gentoo-dev 2008-07-07 12:16:25 UTC
Sparc stable for freetype-1.4_pre20080316-r1 , too.
Comment 26 Markus Meier gentoo-dev 2008-07-07 21:05:52 UTC
amd64/x86 stable
Comment 27 Jeroen Roovers (RETIRED) gentoo-dev 2008-07-07 23:38:40 UTC
Both stable for HPPA now.
Comment 28 Raúl Porcel (RETIRED) gentoo-dev 2008-07-08 12:45:25 UTC
alpha/ia64 stable
Comment 29 Steve Schmechel 2008-07-11 18:21:03 UTC
(In reply to comment #22)
> Arches, please test and mark stable:
> =media-libs/freetype-1.4_pre20080316-r1
> Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
> 

Can we get the GLSA vulnerable/unaffected versions updated so that glsa-check does not keep identifying freetype-1.4_pre20080316-r1 as an issue?
Comment 30 Robert Buchholz (RETIRED) gentoo-dev 2008-07-11 18:58:48 UTC
(In reply to comment #29)
> Can we get the GLSA vulnerable/unaffected versions updated so that glsa-check
> does not keep identifying freetype-1.4_pre20080316-r1 as an issue?

Yes, we will. Please note that this will require an updated version of the GLSA to be sent out.
Comment 31 Jeroen Roovers (RETIRED) gentoo-dev 2008-08-05 16:29:32 UTC
*** Bug 233962 has been marked as a duplicate of this bug. ***
Comment 32 Jeroen Roovers (RETIRED) gentoo-dev 2008-08-22 18:33:32 UTC
*** Bug 235412 has been marked as a duplicate of this bug. ***
Comment 33 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-06 20:36:01 UTC
xml fixed (added 1.4_pre20080316-r1 as unaffected). No errata will be released as users were safe anyway. Sorry for the delay.
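The situation in comments 29, 30 and 33 (glsa-check flagging the patched 1.x revision until the GLSA XML listed it as unaffected) comes down to how advisory version ranges are matched against an installed version. The following is an added example, not Portage's own glsa-check code and not the text of GLSA 200806-10: it reimplements the matching rule in simplified form (vulnerable if any `<vulnerable>` range matches and no `<unaffected>` range matches, with `r`-prefixed ranges such as `rge` restricted to the same base version) over a constructed XML fragment written in the GLSA format. The version comparison covers the shapes that appear in this bug (dotted numbers, `_pre` style suffixes, `-rN` revisions) and is not a complete implementation of Gentoo's version rules.

```python
"""
Simplified model of how glsa-check decides whether an installed package
version falls inside a GLSA's vulnerable/unaffected ranges.

Constructed example: the XML below is modelled on the GLSA format, NOT a
copy of GLSA 200806-10. Version comparison is a reduced form of Gentoo's
rules (numeric components, optional letter, _alpha/_beta/_pre/_rc/_p
suffixes, -rN revision); exotic cases are not handled.
"""
import re
import xml.etree.ElementTree as ET

# Suffix ordering from the Package Manager Specification; "" is a plain release.
SUFFIX_ORDER = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4, "p": 5}

_VERSION_RE = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)(?P<letter>[a-z])?"
    r"(?P<suffixes>(?:_(?:alpha|beta|pre|rc|p)\d*)*)"
    r"(?:-r(?P<rev>\d+))?$"
)


def parse_version(version):
    """Split a Gentoo version string into comparable parts."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    nums = tuple(int(n) for n in m.group("nums").split("."))
    letter = m.group("letter") or ""
    suffixes = tuple(
        (SUFFIX_ORDER[name], int(num or 0))
        for name, num in re.findall(r"_(alpha|beta|pre|rc|p)(\d*)", m.group("suffixes"))
    )
    revision = int(m.group("rev") or 0)
    return nums, letter, suffixes, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    na, la, sa, ra = parse_version(a)
    nb, lb, sb, rb = parse_version(b)
    if na != nb:
        return -1 if na < nb else 1
    if la != lb:
        return -1 if la < lb else 1
    # A missing suffix means "release", which sorts after _pre/_rc and before _p.
    width = max(len(sa), len(sb))
    release = (SUFFIX_ORDER[""], 0)
    sa = sa + (release,) * (width - len(sa))
    sb = sb + (release,) * (width - len(sb))
    if sa != sb:
        return -1 if sa < sb else 1
    return (ra > rb) - (ra < rb)


def version_matches(installed, range_op, target):
    """Evaluate one <vulnerable>/<unaffected> range against an installed version.

    Ranges prefixed with "r" (rge, rlt, ...) only apply to the same base
    version and then compare the -rN revision. That is what lets a fix that
    is only a revision bump of an old branch (1.4_pre20080316-r1) be listed
    as unaffected without declaring every other 1.x version safe.
    """
    if range_op.startswith("r"):
        def base(v):
            return v.rsplit("-r", 1)[0]
        if base(installed) != base(target):
            return False
        range_op = range_op[1:]
    c = compare_versions(installed, target)
    return {"lt": c < 0, "le": c <= 0, "eq": c == 0, "gt": c > 0, "ge": c >= 0}[range_op]


def is_vulnerable(glsa_xml, package, installed):
    """True if installed hits a vulnerable range and no unaffected range."""
    root = ET.fromstring(glsa_xml)
    for pkg in root.iter("package"):
        if pkg.get("name") != package:
            continue
        unaffected = any(version_matches(installed, u.get("range"), u.text.strip())
                         for u in pkg.findall("unaffected"))
        vulnerable = any(version_matches(installed, v.get("range"), v.text.strip())
                         for v in pkg.findall("vulnerable"))
        return vulnerable and not unaffected
    return False


# Constructed fragment in the GLSA format: an advisory that only knows about
# the 2.x branch, so every 1.x version is caught by "lt 2.3.6".
GLSA_ORIGINAL = """\
<glsa id="example">
  <affected>
    <package name="media-libs/freetype" auto="yes" arch="*">
      <unaffected range="ge">2.3.6</unaffected>
      <vulnerable range="lt">2.3.6</vulnerable>
    </package>
  </affected>
</glsa>
"""

# Same fragment with the patched 1.x revision added as unaffected.
GLSA_FIXED = GLSA_ORIGINAL.replace(
    '<unaffected range="ge">2.3.6</unaffected>',
    '<unaffected range="ge">2.3.6</unaffected>\n'
    '      <unaffected range="rge">1.4_pre20080316-r1</unaffected>',
)

if __name__ == "__main__":
    for ver in ["2.1.10-r3", "2.3.6", "1.4_pre20080316", "1.4_pre20080316-r1"]:
        before = is_vulnerable(GLSA_ORIGINAL, "media-libs/freetype", ver)
        after = is_vulnerable(GLSA_FIXED, "media-libs/freetype", ver)
        print(f"{ver:22} original: {before}  fixed: {after}")
```

With the first fragment, 1.4_pre20080316-r1 is reported vulnerable (it is below 2.3.6 and no unaffected range covers it), which is exactly the glsa-check behaviour described in comment 29. With the `rge` entry added, the patched revision passes while the unpatched 1.4_pre20080316 is still reported, because the revision range requires the same base version and a revision of at least 1.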