RHSA-2010:0607: Important: freetype security update

First published: Thu Aug 05 2010(Updated: )

FreeType is a free, high-quality, portable font engine that can open and<br>manage font files. It also loads, hints, and renders individual glyphs<br>efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4<br>provide both the FreeType 1 and FreeType 2 font engines. The freetype<br>packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font<br>engine.<br>Two stack overflow flaws were found in the way the FreeType font engine<br>processed certain Compact Font Format (CFF) character strings (opcodes). If<br>a user loaded a specially-crafted font file with an application linked<br>against FreeType, it could cause the application to crash or, possibly,<br>execute arbitrary code with the privileges of the user running the<br>application. (CVE-2010-1797)<br>Red Hat would like to thank Braden Thomas of the Apple Product Security<br>team for reporting these issues.<br>Note: CVE-2010-1797 only affects the FreeType 2 font engine.<br>Users are advised to upgrade to these updated packages, which contain a<br>backported patch to correct these issues. The X server must be restarted<br>(log out, then log back in) for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2010:0607
• agent/software-canonical-lookup
• package-manager/redhat