What is the severity of RHSA-2009:1061?

The RHSA-2009:1061 vulnerability has been classified as important.

How do I fix RHSA-2009:1061?

You can fix RHSA-2009:1061 by updating to the FreeType version 2.2.1-21.el5_3.

What software is affected by RHSA-2009:1061?

The affected software includes FreeType and its related packages such as freetype-devel and freetype-demos.

Who discovered the RHSA-2009:1061 vulnerability?

The vulnerability was discovered by Tavis Ormandy from the Google Security Team.

What type of vulnerability is RHSA-2009:1061?

RHSA-2009:1061 is an integer overflow vulnerability in the FreeType font engine.

Vulnerability/
RHSA-2009:1061

22/5/2009

RHSA-2009:1061: Important: freetype security update

First published: Fri May 22 2009(Updated: )

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

Affected Software	Affected Version	How to fix
redhat/freetype	<2.2.1-21.el5_3	2.2.1-21.el5_3
redhat/freetype	<2.2.1-21.el5_3	2.2.1-21.el5_3
redhat/freetype-demos	<2.2.1-21.el5_3	2.2.1-21.el5_3
redhat/freetype-devel	<2.2.1-21.el5_3	2.2.1-21.el5_3
redhat/freetype-devel	<2.2.1-21.el5_3	2.2.1-21.el5_3
redhat/freetype-demos	<2.2.1-21.el5_3	2.2.1-21.el5_3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2009:1061?
The RHSA-2009:1061 vulnerability has been classified as important.
How do I fix RHSA-2009:1061?
You can fix RHSA-2009:1061 by updating to the FreeType version 2.2.1-21.el5_3.
What software is affected by RHSA-2009:1061?
The affected software includes FreeType and its related packages such as freetype-devel and freetype-demos.
Who discovered the RHSA-2009:1061 vulnerability?
The vulnerability was discovered by Tavis Ormandy from the Google Security Team.
What type of vulnerability is RHSA-2009:1061?
RHSA-2009:1061 is an integer overflow vulnerability in the FreeType font engine.

agent/severity
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/references
agent/title
agent/remedy
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2009:1061
agent/software-canonical-lookup
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.