Welcome 微信登录
编程资源 图片资源库 蚂蚁家优选 PDF转换器

首页 / 操作系统 / Linux / FreeType 2.4.0更新修复多个安全漏洞

发布日期:2010-07-13
更新日期:2010-07-16受影响系统:
FreeType FreeType < 2.4.0
不受影响系统:
FreeType FreeType 2.4.0
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 41663
CVE ID: CVE-2010-2497,CVE-2010-2498,CVE-2010-2499,CVE-2010-2500,CVE-2010-2519,CVE-2010-2520FreeType是一个流行的字体函数库。FreeType及其truetype字节码支持在处理某些字体文件和字体轮廓时存在堆溢出、整数溢出和无效内存释放漏洞,用户受骗打开了特制字体就可能导致拒绝服务或执行任意代码。<*来源:Robert Swiecki (robert@swiecki.net)
 
  链接:http://secunia.com/advisories/40586/
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=613160
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=613154
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=613162
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=613167
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=613198
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=613194
        http://www.debian.org/security/2010/dsa-2070
*>建议:
--------------------------------------------------------------------------------
厂商补丁:Debian
------
Debian已经为此发布了一个安全公告(DSA-2070-1)以及相应补丁:
DSA-2070-1:New freetype packages fix several vulnerabilities
链接:http://www.debian.org/security/2010/dsa-2070补丁下载:Source archives:http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc
Size/MD5 checksum:     1219 a5930e5dfa3757bed045a67b7ef0e3e2
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
Size/MD5 checksum:  1567540 c1a9f44fde316470176fd6d66af3a0e8
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz
Size/MD5 checksum:    36156 f1cb13247588b40f8f6c9d232df7efdealpha architecture (DEC Alpha)http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum:   775180 d9d1a2680550113aab5a5aa23998458e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum:   411954 63d800f83bd77f18b9307cd77b5cfd1d
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum:   253784 b95be0af80d58e4e0818dd9b66447d9e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb
Size/MD5 checksum:   296564 6e080492ee03692588c5953b36bade6damd64 architecture (AMD x86_64 (AMD64))http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb
Size/MD5 checksum:   269680 4c9e6efc6c36f0867c74dde033b97ac8
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum:   223010 5b9c55fc8ef35251ccdc3c1d22b13edd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum:   713084 b5933f78399f7d690f786fb7f04d1eca
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum:   385600 741877f101eef1dd6f77aead47ddbba1arm architecture (ARM)http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum:   205134 624b8b38b6cea2d569c70a18a5f78934
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb
Size/MD5 checksum:   242180 d7c5020f9cb5417378b80571bc2eccd4
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum:   686080 a12f9cb0b5f76071ed204cfdcc571cd5
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum:   356996 ff79207089cce445fa6d0514156f12cfarmel architecture (ARM EABI)http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum:   684278 7654ae1ba45138f11c53da2acce6055c
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum:   210040 2d05fa53273572a89c81c9085a291fee
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb
Size/MD5 checksum:   236524 727d731977efad369b51fdc28d42bade
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum:   353412 0bd84857e81e20c777cfaa5cf75532f2hppa architecture (HP PA RISC)http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum:   390130 633e25d7f8c8c618d9bae093ccb82ce3
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum:   226818 cddac3930a33e08d60652f33c9a74951
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum:   724826 9b77d359086e5379ded04c10e2acd20e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb
Size/MD5 checksum:   273756 4e144120db5dcbf29368b95a783e55cai386 architecture (Intel ia32)http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum:   198154 db88552ea82caf3939e7b0cf50aaacd6
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum:   369100 303fa098f2a6ae9b96dda6911f0bd7fb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum:   681856 df21b1a3835e262d844f60f9da27b279
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb
Size/MD5 checksum:   254120 bfb155340e5d588d06f09901b508661bia64 architecture (Intel ia64)http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb
Size/MD5 checksum:   530172 3eb3af7df07000f3f77046c21476d336
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb
Size/MD5 checksum:   415500 a7790020bc8e89e29d22ba21de275386
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb
Size/MD5 checksum:   331586 c0c579a4f47c6239c33cf1b139850d1c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb
Size/MD5 checksum:   876158 52006540c63793635d2dcac9f8179dbfmips architecture (MIPS (Big Endian))http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb
Size/MD5 checksum:   716244 e62cde7460caa83b189326abbe6a5347
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb
Size/MD5 checksum:   370118 606f0b24f3694f40eb5331e8d74c4f3b
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb
Size/MD5 checksum:   215180 33b08b6b36a20501276e657c3613701e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb
Size/MD5 checksum:   253874 fe4977d926f17b3cbc338ea9926fec40mipsel architecture (MIPS (Little Endian))http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb
Size/MD5 checksum:   254212 58be71c203785b01889176e8b028afac
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb
Size/MD5 checksum:   215322 f376b04c5b8450a03b7299a86cc4a586
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb
Size/MD5 checksum:   369756 412a79e35817f664f76dcaab0df63a59
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb
Size/MD5 checksum:   716552 3bc89b0f776eaaf3fcd5ec8f6373b599powerpc architecture (PowerPC)http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb
Size/MD5 checksum:   379634 a6f5c6e8ff755639559e55973ec1074d
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb
Size/MD5 checksum:   708420 6596bcb33887463503ad0507b216e4ed
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb
Size/MD5 checksum:   233050 40ee5ec08547be283b808d3afd5f97ba
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb
Size/MD5 checksum:   262690 ed1fff07f9e2f763ca481b2f8599e4afs390 architecture (IBM S/390)http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb
Size/MD5 checksum:   383824 3fbd3dc038b0ac35b961a964cb1147e6
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb
Size/MD5 checksum:   225144 04291aff7589607427d175721aafe8c3
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb
Size/MD5 checksum:   268070 d565627ddbf45d36920a27b8f42c1f55
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb
Size/MD5 checksum:   698596 f161a20932cbdbb2ccf4d3a30a555231sparc architecture (Sun SPARC/UltraSPARC)http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb
Size/MD5 checksum:   351162 9f308ff70921739fffbbfe9fca486a87
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb
Size/MD5 checksum:   679330 4bee549927cdfc3b52fc62a5f16b3d49
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb
Size/MD5 checksum:   235344 ed806b039d7d8868ae9f7c89fe794629
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb
Size/MD5 checksum:   200794 49a26fa64c57498279481a4786919055补丁安装方法:1. 手工安装补丁包:  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)  然后,使用下面的命令来安装补丁: 
  # dpkg -i file.deb (file是相应的补丁名)2. 使用apt-get自动安装补丁包:   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgradeFreeType
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://sourceforge.net/projects/freetype/files/freetype2/2.4.0/freetype-2.4.0.tar.bz2/downloadApache Tomcat Transfer-Encoding头处理拒绝服务和信息泄露漏洞ISC BIND 9 RRSIG记录类型远程拒绝服务漏洞相关资讯      漏洞 
  • 快递官网漏洞泄露 1400 万用户信息  (08/12/2014 08:37:42)
  • 要389目录服务器访问绕过漏洞  (10/01/2012 09:18:08)
  • ASUS Net4Switch "ipswcom.dll"   (03/02/2012 09:32:42)
  • 软件漏洞是一笔大买卖!  (10/06/2012 08:28:32)
  • PHPCMS V9.1.13任意文件包含漏洞分  (08/01/2012 07:23:17)
  • Open Handset Alliance Android   (03/01/2012 06:59:34)
本文评论 查看全部评论 (0)
表情: 姓名: 字数


评论声明
  • 尊重网上道德,遵守中华人民共和国的各项有关法律法规
  • 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
  • 本站管理人员有权保留或删除其管辖留言中的任意内容
  • 本站有权在网站内转载或引用您的评论
  • 参与本评论即表明您已经阅读并接受上述条款
版权所有©石家庄振强科技有限公司2024 冀ICP备08103738号-5 网站地图