Security Alert: Red Hat / CentOS Linux FreeType Various Security Issues
Red Hat has issued an important security update for the freetype package. Updated packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or possibly execute arbitrary code.
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library that can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.
How do I fix this issue?
Simply type the following command at a shell prompt:
# yum update
Sample output:
Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5 100% |=========================| 1.2 kB 00:00
rhel-x86_64-server-5 100% |=========================| 1.2 kB 00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package freetype.i386 0:2.2.1-20.el5_2 set to be updated
---> Package freetype.x86_64 0:2.2.1-20.el5_2 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Updating:
freetype i386 2.2.1-20.el5_2 rhel-x86_64-server-5 313 k
freetype x86_64 2.2.1-20.el5_2 rhel-x86_64-server-5 311 k
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 2 Package(s)
Remove 0 Package(s)
Total download size: 624 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): freetype-2.2.1-20. 100% |=========================| 311 kB 00:00
(2/2): freetype-2.2.1-20. 100% |=========================| 313 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : freetype ######################### [1/4]
Updating : freetype ######################### [2/4]
Cleanup : freetype ######################### [3/4]
Cleanup : freetype ######################### [4/4]
Updated: freetype.i386 0:2.2.1-20.el5_2 freetype.x86_64 0:2.2.1-20.el5_2
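Programs that were already running when the package was updated keep the old FreeType library mapped until they are restarted. The shell check below is an added example, not part of the original article; the function names, the `proc_root` parameter and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# After "yum update" replaces libfreetype, programs started before the update
# keep the old, unlinked copy mapped; /proc/<pid>/maps tags it "(deleted)".

# Print the PID of every process under proc_root (default /proc) that still
# maps a replaced libfreetype. proc_root is a parameter so the check is testable.
stale_freetype_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # other users' maps need root
        if grep -q 'libfreetype\.so.*(deleted)' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            echo "${pid_dir##*/}"
        fi
    done
    return 0
}

# Same check, with the command line added so the program can be identified.
report_stale_freetype() {
    root="${1:-/proc}"
    for pid in $(stale_freetype_pids "$root"); do
        cmd=""
        if [ -r "$root/$pid/cmdline" ]; then
            cmd=$(tr '\0' ' ' < "$root/$pid/cmdline")
        fi
        echo "$pid ${cmd:-unknown}"
    done
}

# Constructed sample tree: PID 101 maps the old library, PID 202 the new one.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/101" "$d/202"
    echo '00a1d000-00a9a000 r-xp 00000000 fd:00 1234 /usr/lib/libfreetype.so.6.3.10 (deleted)' > "$d/101/maps"
    echo '00b1d000-00b9a000 r-xp 00000000 fd:00 5678 /usr/lib/libfreetype.so.6.3.10' > "$d/202/maps"
    printf 'xterm\0-fa\0Mono\0' > "$d/101/cmdline"
    echo "$d"
}

tree=$(demo_tree)
report_stale_freetype "$tree"     # constructed data
rm -rf "$tree"
report_stale_freetype /proc       # live system; run as root to see all PIDs
```

Any process it reports should be restarted so that it loads the updated library.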
Tags: arbitrary code, bug, CentOS, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, enterprise linux, Linux, red hat enterprise, rhel, rpm, Security, security issue, Update


