Advisories:rPSA-2006-0100

From rPath Wiki

rPath Security Advisory 2006-0100-2

Published: 2006-06-12

Updated

1. 2006-08-07 Refreshed security patch resolves attempted division by zero

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

User Non-deterministic Weakness

Updated Versions

• freetype=conary.rpath.com@rpl:1/2.1.10-5-0.1

rPath Issue Tracking System

• RPL-429

References

• CVE-2006-0747
• CVE-2006-1861
• CVE-2006-2661

Description

Previous versions of the freetype library contain multiple integer

overflow weaknesses which allow remote providers of font files

(which may include fonts embedded in documents such as PDF files)

to cause applications to crash, and may possibly also allow them

to execute arbitrary code as the user accessing the files.

7 August 2006 Update: Previous versions of this update caused

some software that uses the freetype library to attempt to divide

by zero when attempting to use some truetype fonts. This is not

thought to have created any additional security risk, but did

keep a few programs from executing correctly. This update

resolves the attempted division by zero errors.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html