Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 377143 (CVE-2011-0226)

Summary: <media-libs/freetype-2.4.6: Code execution vulnerability (CVE-2011-0226)
Product: Gentoo Security Reporter: Ryan Hill (RETIRED) <rhill>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: fonts
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0226
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 377255    
Bug Blocks:    

Description Ryan Hill (RETIRED) gentoo-dev 2011-07-31 07:01:20 UTC 
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

This is an important security update, so I'm asking for stabilization on all archs ASAP.

http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit
https://rhn.redhat.com/errata/RHSA-2011-1085.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0226
Comment 1 Toralf Förster gentoo-dev 2011-07-31 09:43:32 UTC 
could it be, that somebody removed the stable version 2.4.4 and then the portage tree was pushed out before version 2.4.6 was stabilized ?
Comment 2 Agostino Sarubbo gentoo-dev 2011-07-31 09:58:38 UTC 
Should be assigned to security.

amd64 ok.
Comment 3 Ryan Hill (RETIRED) gentoo-dev 2011-07-31 10:03:16 UTC 
Oops.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2011-07-31 15:46:00 UTC 
Stabilise what? Normally you'd go:

Arch teams, please test and mark stable:
=media-libs/freetype-2.4.6
Target KEYWORDS="alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 5 Rafał Mużyło 2011-08-01 15:29:03 UTC 
Should bug 377255 (due to this bug, basically a version bump straight to stable) be also handles here ?
Comment 6 Ian Delaney (RETIRED) gentoo-dev 2011-08-04 18:33:06 UTC 
amd64 ok.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2011-08-05 00:31:14 UTC 
Stable for HPPA.
Comment 8 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-08-05 05:41:11 UTC 
Archtested on x86: Everything fine
Comment 9 Markos Chandras (RETIRED) gentoo-dev 2011-08-07 10:18:09 UTC 
amd64 done. Thanks Ian and Agostino
Comment 10 Myckel Habets 2011-08-07 18:24:27 UTC 
(In reply to comment #8)
> Archtested on x86: Everything fine

+1
Comment 11 Thomas Kahle (RETIRED) gentoo-dev 2011-08-08 09:43:14 UTC 
x86 stable. Thanks Myckel & JB
Comment 12 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-08-09 13:21:00 UTC 
ppc/ppc64 stable
Comment 13 Markus Meier gentoo-dev 2011-08-13 17:28:28 UTC 
arm stable
Comment 14 Raúl Porcel (RETIRED) gentoo-dev 2011-08-14 16:11:16 UTC 
alpha/ia64/m68k/s390/sh/sparc stable
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 15:24:52 UTC 
Thanks, everyone. Added to existing GLSA request.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:13:04 UTC 
CVE-2011-0226 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226):
  Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as
  used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and
  other products, allows remote attackers to execute arbitrary code or cause a
  denial of service (memory corruption and application crash) via a crafted
  Type 1 font in a PDF document, as exploited in the wild in July 2011.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:35:53 UTC 
This issue was resolved and addressed in
 GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml
by GLSA coordinator Sean Amoss (ackle).