Multiple Buffer Overflow Vulnerabilities in the FreeType Demo Applications

Affected systems:

FreeType FreeType < 2.4.2

Unaffected systems:

FreeType FreeType 2.4.2

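Description:

FreeType is a popular font library.

The ftmulti.c file of FreeType's ftmulti demo program contains multiple buffer overflow vulnerabilities. If a user loads a specially crafted font file with the demo application, the application may crash or execute arbitrary code with the privileges of the user running it.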

<*Source: Marek Kašík

  Links:
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=617342
        http://www.debian.org/security/2010/dsa-2105
        https://www.redhat.com/support/errata/RHSA-2010-0577.html
        https://www.redhat.com/support/errata/RHSA-2010-0578.html
*>

Recommendation:

Vendor patches:

Debian
------
Debian has released a security advisory (DSA-2105-1) and corresponding patches for this issue:
DSA-2105-1: New freetype packages fix several vulnerabilities
Link:
http://www.debian.org/security/2010/dsa-2105

Patch downloads:

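Patch installation:

1. Installing the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the download link of the patch)

  Then install the patch with the following command:
  # dpkg -i file.deb  (file is the name of the corresponding patch package)

2. Installing the patch packages automatically with apt-get:

   First, update the internal package database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade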

RedHat
------
RedHat has released a security advisory (RHSA-2010:0578-01) and corresponding patches for this issue:
RHSA-2010:0578-01: Important: freetype security update
Link:
https://www.redhat.com/support/errata/RHSA-2010-0578.html

FreeType
--------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
