USN-963-1: FreeType vulnerabilities

Ubuntu Security Notice USN-963-1

20th July, 2010

freetype vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 10.04 LTS
Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04 LTS
Ubuntu 6.06 LTS

Software description

freetype

Details

Robert Święcki discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could execute arbitrary code with user
privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:: libfreetype6 2.3.11-1ubuntu2.1
Ubuntu 9.10:: libfreetype6 2.3.9-5ubuntu0.1
Ubuntu 9.04:: libfreetype6 2.3.9-4ubuntu0.2
Ubuntu 8.04 LTS:: libfreetype6 2.3.5-1ubuntu4.8.04.3
Ubuntu 6.06 LTS:: libfreetype6 2.1.10-1ubuntu2.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527