Mailinglist Archive: opensuse-security-announce (22 mails)

< Previous Next >
[security-announce] SUSE-SU-2012:0553-1: important: Security update for freetype2
SUSE Security Update: Security update for freetype2
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:0553-1
Rating: important
References: #619562 #628213 #629447 #633938 #633943 #635692
#647375 #709851 #728044 #730124 #750937 #750938
#750939 #750940 #750941 #750943 #750945 #750946
#750947 #750948 #750949 #750950 #750951 #750952
#750953 #750955
Cross-References: CVE-2010-1797 CVE-2010-2497 CVE-2010-2498
CVE-2010-2499 CVE-2010-2500 CVE-2010-2519
CVE-2010-2520 CVE-2010-2527 CVE-2010-2541
CVE-2010-2805 CVE-2010-3053 CVE-2010-3054
CVE-2010-3311 CVE-2010-3814 CVE-2010-3855
CVE-2011-2895 CVE-2011-3256 CVE-2011-3439
CVE-2012-1126 CVE-2012-1127 CVE-2012-1129
CVE-2012-1130 CVE-2012-1131 CVE-2012-1132
CVE-2012-1133 CVE-2012-1134 CVE-2012-1135
CVE-2012-1136 CVE-2012-1137 CVE-2012-1138
CVE-2012-1139 CVE-2012-1141 CVE-2012-1142
CVE-2012-1143
Affected Products:
SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________

An update that fixes 34 vulnerabilities is now available.

Description:


Specially crafted font files could have caused buffer
overflows in freetype, which could have been exploited for
remote code execution.

Security Issue references:

* CVE-2012-1141
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
>
* CVE-2012-1132
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
>
* CVE-2012-1138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
>
* CVE-2012-1139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
>
* CVE-2011-2895
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
>
* CVE-2012-1130
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
>
* CVE-2010-3311
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311
>
* CVE-2012-1134
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
>
* CVE-2010-2805
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805
>
* CVE-2010-3814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814
>
* CVE-2012-1127
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
>
* CVE-2012-1126
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
>
* CVE-2010-1797
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797
>
* CVE-2010-3855
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855
>
* CVE-2010-2497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
>
* CVE-2012-1142
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
>
* CVE-2010-3053
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053
>
* CVE-2012-1133
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
>
* CVE-2012-1137
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
>
* CVE-2011-3439
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
>
* CVE-2012-1136
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
>
* CVE-2012-1143
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
>
* CVE-2011-3256
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
>
* CVE-2012-1129
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
>
* CVE-2012-1131
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
>
* CVE-2010-3054
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054
>
* CVE-2012-1135
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
>
* CVE-2010-2498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498
>
* CVE-2010-2499
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499
>
* CVE-2010-2500
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500
>
* CVE-2010-2519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
>
* CVE-2010-2520
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520
>
* CVE-2010-2527
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2527
>
* CVE-2010-2541
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2541
>



Package List:

- SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):

freetype2-2.1.10-18.22.21.25
freetype2-devel-2.1.10-18.22.21.25
ft2demos-2.1.10-19.18.21.7

- SUSE Linux Enterprise Server 10 SP2 (s390x x86_64):

freetype2-32bit-2.1.10-18.22.21.25
freetype2-devel-32bit-2.1.10-18.22.21.25


References:

http://support.novell.com/security/cve/CVE-2010-1797.html
http://support.novell.com/security/cve/CVE-2010-2497.html
http://support.novell.com/security/cve/CVE-2010-2498.html
http://support.novell.com/security/cve/CVE-2010-2499.html
http://support.novell.com/security/cve/CVE-2010-2500.html
http://support.novell.com/security/cve/CVE-2010-2519.html
http://support.novell.com/security/cve/CVE-2010-2520.html
http://support.novell.com/security/cve/CVE-2010-2527.html
http://support.novell.com/security/cve/CVE-2010-2541.html
http://support.novell.com/security/cve/CVE-2010-2805.html
http://support.novell.com/security/cve/CVE-2010-3053.html
http://support.novell.com/security/cve/CVE-2010-3054.html
http://support.novell.com/security/cve/CVE-2010-3311.html
http://support.novell.com/security/cve/CVE-2010-3814.html
http://support.novell.com/security/cve/CVE-2010-3855.html
http://support.novell.com/security/cve/CVE-2011-2895.html
http://support.novell.com/security/cve/CVE-2011-3256.html
http://support.novell.com/security/cve/CVE-2011-3439.html
http://support.novell.com/security/cve/CVE-2012-1126.html
http://support.novell.com/security/cve/CVE-2012-1127.html
http://support.novell.com/security/cve/CVE-2012-1129.html
http://support.novell.com/security/cve/CVE-2012-1130.html
http://support.novell.com/security/cve/CVE-2012-1131.html
http://support.novell.com/security/cve/CVE-2012-1132.html
http://support.novell.com/security/cve/CVE-2012-1133.html
http://support.novell.com/security/cve/CVE-2012-1134.html
http://support.novell.com/security/cve/CVE-2012-1135.html
http://support.novell.com/security/cve/CVE-2012-1136.html
http://support.novell.com/security/cve/CVE-2012-1137.html
http://support.novell.com/security/cve/CVE-2012-1138.html
http://support.novell.com/security/cve/CVE-2012-1139.html
http://support.novell.com/security/cve/CVE-2012-1141.html
http://support.novell.com/security/cve/CVE-2012-1142.html
http://support.novell.com/security/cve/CVE-2012-1143.html
https://bugzilla.novell.com/619562
https://bugzilla.novell.com/628213
https://bugzilla.novell.com/629447
https://bugzilla.novell.com/633938
https://bugzilla.novell.com/633943
https://bugzilla.novell.com/635692
https://bugzilla.novell.com/647375
https://bugzilla.novell.com/709851
https://bugzilla.novell.com/728044
https://bugzilla.novell.com/730124
https://bugzilla.novell.com/750937
https://bugzilla.novell.com/750938
https://bugzilla.novell.com/750939
https://bugzilla.novell.com/750940
https://bugzilla.novell.com/750941
https://bugzilla.novell.com/750943
https://bugzilla.novell.com/750945
https://bugzilla.novell.com/750946
https://bugzilla.novell.com/750947
https://bugzilla.novell.com/750948
https://bugzilla.novell.com/750949
https://bugzilla.novell.com/750950
https://bugzilla.novell.com/750951
https://bugzilla.novell.com/750952
https://bugzilla.novell.com/750953
https://bugzilla.novell.com/750955

http://download.novell.com/patch/finder/?keywords=7476e36b394db4aa52c01037bbfd62ee

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages