The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:081-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freetype2
Date : April 10, 2007
Affected: 2007.1
_______________________________________________________________________
Problem Description:
iDefense integer overflows in the way freetype handled various font
files. A malicious local user could exploit these issues to potentially
execute arbitrary code.
Updated packages have been patched to correct this issue.
Update:
Packages for Mandriva Linux 2007.1 are now available.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
b6d65fcc62754bd1400e90efa49e6679 2007.1/i586/libfreetype6-2.3.1-3.1mdv2007.1.i586.rpm
142d11543d5db9880c9db97b99595559 2007.1/i586/libfreetype6-devel-2.3.1-3.1mdv2007.1.i586.rpm
bfc535d187f868751ed2460f3de01e53 2007.1/i586/libfreetype6-static-devel-2.3.1-3.1mdv2007.1.i586.rpm
81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
3323e12c0ac539c7bc6b7f6ead647f7e 2007.1/x86_64/lib64freetype6-2.3.1-3.1mdv2007.1.x86_64.rpm
c9c6db8da9895b96eb074ffb09f2383e 2007.1/x86_64/lib64freetype6-devel-2.3.1-3.1mdv2007.1.x86_64.rpm
87f48e86ee449bbba06fd0159c6c34af 2007.1/x86_64/lib64freetype6-static-devel-2.3.1-3.1mdv2007.1.x86_64.rpm
81a51e662770f7d91ff92b6ae53211af 2007.1/SRPMS/freetype2-2.3.1-3.1mdv2007.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGG9yumqjQ0CJFipgRAj2LAKDxahKXOhYOpS6JZ1he0FMxfbuQJgCgif5j
Hfcfrg4ZKpE/LPNAxnuUE0E=
=hw7N
-----END PGP SIGNATURE-----