Security Alert: Red hat / CentOS Linux Freetype Various Security Issues

in Categories CentOS, Links, Linux distribution, News, RedHat/Fedora Linux, Security Alert last updated May 21, 2008

Red hat issued important security update for freetype package that that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. Multiple flaws were discovered in FreeType’s Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.

How do I fix this issue?

Simply type the following command at a shell promot:
# yum update
Sample output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package freetype.i386 0:2.2.1-20.el5_2 set to be updated
---> Package freetype.x86_64 0:2.2.1-20.el5_2 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 freetype                i386       2.2.1-20.el5_2   rhel-x86_64-server-5  313 k
 freetype                x86_64     2.2.1-20.el5_2   rhel-x86_64-server-5  311 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       2 Package(s)
Remove       0 Package(s)

Total download size: 624 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): freetype-2.2.1-20. 100% |=========================| 311 kB    00:00
(2/2): freetype-2.2.1-20. 100% |=========================| 313 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : freetype                     ######################### [1/4]
  Updating  : freetype                     ######################### [2/4]
  Cleanup   : freetype                     ######################### [3/4]
  Cleanup   : freetype                     ######################### [4/4]

Updated: freetype.i386 0:2.2.1-20.el5_2 freetype.x86_64 0:2.2.1-20.el5_2

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 0 comments/add one below):