Slackware Security Advisories
 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] freetype (SSA:2007-109-01)
Date: Thu, 19 Apr 2007 19:55:00 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  freetype (SSA:2007-109-01)

New x11 and/or freetype and fontconfig packages are available for Slackware
10.1, 10.2, 11.0, and -current to fix security issues in freetype.  Freetype
was packaged with X11 prior to Slackware version 11.0.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351


Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz:
  Fixed an overflow parsing BDF fonts.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-devel-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xdmx-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xnest-6.8.1-i486-6_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-xvfb-6.8.1-i486-6_slack10.1.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xdmx-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xnest-6.8.2-i486-9_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xvfb-6.8.2-i486-9_slack10.2.tgz

Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/fontconfig-2.4.2-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-devel-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.3.4-i486-1.tgz


MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg fontconfig-2.4.2-i486-1_slack11.0.tgz \
  freetype-2.3.4-i486-1_slack11.0.tgz x11-6.9.0-i486-13_slack11.0.tgz \
  x11-devel-6.9.0-i486-13_slack11.0.tgz \
  x11-xdmx-6.9.0-i486-13_slack11.0.tgz \
  x11-xnest-6.9.0-i486-13_slack11.0.tgz \
  x11-xvfb-6.9.0-i486-13_slack11.0.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGKApDakRjwEAQIjMRAmhcAKCRrxpsy2WJCyLrKSvDpJMEhm2GBgCfWUZh
5Eapvq6lMB4wEoECwwIb22c=
=lxDx
-----END PGP SIGNATURE-----
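
A check to run between downloading the packages and `upgradepkg`, given here as an added example (not part of the advisory or of Slackware's tools): it reads the "MD5 signatures" section from a saved copy of the advisory and verifies the downloaded packages for one release. The function names and the saved-advisory file are assumptions, and it presumes the advisory's PGP signature was checked first.

```shell
#!/bin/sh
# Added example, not Slackware's own tooling. The file name and contents used
# in ssa_demo are constructed.

# ssa_md5_list ADVISORY RELEASE
# Print the "md5  filename" lines listed under "Slackware RELEASE package(s):".
ssa_md5_list() {
    awk -v hdr="Slackware $2 package" '
        index($0, hdr) == 1 { in_block = 1; next }   # section header for RELEASE
        in_block && NF == 0 { exit }                 # blank line ends the section
        # accept only "<32 hex digits>  <plain file name>" (no path components)
        in_block && NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 !~ /\// {
            print $1 "  " $2
        }
    ' "$1"
}

# ssa_verify ADVISORY RELEASE DIR
# Return 0 only if every package listed for RELEASE exists in DIR and matches.
ssa_verify() {
    list=$(ssa_md5_list "$1" "$2")
    [ -n "$list" ] || { echo "no MD5 list for Slackware $2" >&2; return 2; }
    ( cd "$3" && printf '%s\n' "$list" | md5sum -c ) >&2
}

# Demo on constructed data: one made-up package and a one-entry advisory.
ssa_demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed\n' > "$d/demo-1.0-i486-1.tgz"
    sum=$(md5sum "$d/demo-1.0-i486-1.tgz" | cut -d' ' -f1)
    printf 'Slackware 11.0 packages:\n%s  demo-1.0-i486-1.tgz\n\n' "$sum" > "$d/adv.txt"
    ssa_verify "$d/adv.txt" 11.0 "$d"; rc=$?
    rm -rf "$d"
    return $rc
}
```

Run the advisory's `upgradepkg` command only when `ssa_verify` returns 0; a missing file, a mismatch, or an absent release section all give a non-zero status.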

Slackware™ is a trademark of Patrick Volkerding.