[Full-disclosure] [USN-767-1] FreeType vulnerability



===========================================================
Ubuntu Security Notice USN-767-1 April 27, 2009
freetype vulnerability
CVE-2009-0946
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libfreetype6 2.1.10-1ubuntu2.6

Ubuntu 8.04 LTS:
libfreetype6 2.3.5-1ubuntu4.8.04.2

Ubuntu 8.10:
libfreetype6 2.3.7-2ubuntu1.1

Ubuntu 9.04:
libfreetype6 2.3.9-4ubuntu0.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.
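To check whether a host already carries the fixed libfreetype6 listed above, here is an added example that is not part of the notice: it re-implements dpkg's version ordering in Python (so it also works on a collected package inventory where dpkg is not available) and embeds the fixed versions from this notice. The function names are my own.

```python
import re
from itertools import zip_longest

# Fixed libfreetype6 versions per Ubuntu release, as listed in USN-767-1.
FIXED = {
    "6.06": "2.1.10-1ubuntu2.6",
    "8.04": "2.3.5-1ubuntu4.8.04.2",
    "8.10": "2.3.7-2ubuntu1.1",
    "9.04": "2.3.9-4ubuntu0.1",
}

def _order(c):
    # dpkg character weight: '~' sorts before anything (even end of string),
    # end of string is 0, letters sort before other symbols.
    if c == "~":
        return -1
    return 0 if not c else ord(c) if c.isalpha() else ord(c) + 256

def _tokens(s):
    # Split into alternating (non-digit, digit) runs the way dpkg walks a
    # version string, always starting with a (possibly empty) non-digit run.
    parts = re.findall(r"\d+|\D+", s)
    return ([""] if parts and parts[0].isdigit() else []) + parts

def _verrevcmp(a, b):
    # Port of dpkg's verrevcmp(): non-digit runs compare char by char via
    # _order, digit runs compare numerically (so "04" equals "4").
    for k, (x, y) in enumerate(zip_longest(_tokens(a), _tokens(b), fillvalue="")):
        if k % 2:
            d = int(x or 0) - int(y or 0)
        else:
            pairs = zip_longest(x, y, fillvalue="")
            d = next((_order(p) - _order(q) for p, q in pairs if p != q), 0)
        if d:
            return d
    return 0

def compare_versions(v1, v2):
    """Negative if v1 < v2, zero if equal, positive if v1 > v2 (dpkg rules)."""
    def split(v):  # epoch:upstream-revision; epoch defaults to 0, revision to ""
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def needs_update(release, installed):
    """True if the installed libfreetype6 on that Ubuntu release predates the fix."""
    return compare_versions(installed, FIXED[release]) < 0
```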

Details follow:

Tavis Ormandy discovered that FreeType did not correctly handle certain
large values in font files. If a user were tricked into using a specially
crafted font file, a remote attacker could execute arbitrary code with user
privileges.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/