Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 377143 (CVE-2011-0226) - <media-libs/freetype-2.4.6: Code execution vulnerability (CVE-2011-0226)
Summary: <media-libs/freetype-2.4.6: Code execution vulnerability (CVE-2011-0226)
Status: RESOLVED FIXED
Alias: CVE-2011-0226
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: A2 [glsa]
Keywords:
Depends on: 377255
Blocks:
  Show dependency tree
 
Reported: 2011-07-31 07:01 UTC by Ryan Hill (RETIRED)
Modified: 2012-01-23 20:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Hill (RETIRED) gentoo-dev 2011-07-31 07:01:20 UTC
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

This is an important security update, so I'm asking for stabilization on all archs ASAP.

http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit
https://rhn.redhat.com/errata/RHSA-2011-1085.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0226
Comment 1 Toralf Förster gentoo-dev 2011-07-31 09:43:32 UTC
could it be, that somebody removed the stable version 2.4.4 and then the portage tree was pushed out before version 2.4.6 was stabilized ?
Comment 2 Agostino Sarubbo gentoo-dev 2011-07-31 09:58:38 UTC
Should be assigned to security.

amd64 ok.
Comment 3 Ryan Hill (RETIRED) gentoo-dev 2011-07-31 10:03:16 UTC
Oops.
Comment 4 Jeroen Roovers gentoo-dev 2011-07-31 15:46:00 UTC
Stabilise what? Normally you'd go:

Arch teams, please test and mark stable:
=media-libs/freetype-2.4.6
Target KEYWORDS="alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 5 Rafał Mużyło 2011-08-01 15:29:03 UTC
Should bug 377255 (due to this bug, basically a version bump straight to stable) be also handles here ?
Comment 6 Ian Delaney (RETIRED) gentoo-dev 2011-08-04 18:33:06 UTC
amd64 ok.
Comment 7 Jeroen Roovers gentoo-dev 2011-08-05 00:31:14 UTC
Stable for HPPA.
Comment 8 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-08-05 05:41:11 UTC
Archtested on x86: Everything fine
Comment 9 Markos Chandras (RETIRED) gentoo-dev 2011-08-07 10:18:09 UTC
amd64 done. Thanks Ian and Agostino
Comment 10 Myckel Habets 2011-08-07 18:24:27 UTC
(In reply to comment #8)
> Archtested on x86: Everything fine

+1
Comment 11 Thomas Kahle (RETIRED) gentoo-dev 2011-08-08 09:43:14 UTC
x86 stable. Thanks Myckel & JB
Comment 12 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-08-09 13:21:00 UTC
ppc/ppc64 stable
Comment 13 Markus Meier gentoo-dev 2011-08-13 17:28:28 UTC
arm stable
Comment 14 Raúl Porcel (RETIRED) gentoo-dev 2011-08-14 16:11:16 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 15:24:52 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:13:04 UTC
CVE-2011-0226 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226):
  Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as
  used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and
  other products, allows remote attackers to execute arbitrary code or cause a
  denial of service (memory corruption and application crash) via a crafted
  Type 1 font in a PDF document, as exploited in the wild in July 2011.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:35:53 UTC
This issue was resolved and addressed in
 GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml
by GLSA coordinator Sean Amoss (ackle).