496623565 On Jan 15, 2012 4:26 AM, "Yves-Alexis Perez" <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2388-1 [email protected] > http://www.debian.org/security/ Yves-Alexis Perez > January 14, 2012 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : t1lib > Vulnerability : several > Problem type : local > Debian-specific: no > CVE ID : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 > CVE-2011-1553 CVE-2011-1554 > Debian Bug : 652996 > > Several vulnerabilities were discovered in t1lib, a Postscript Type 1 > font rasterizer library, some of which might lead to code execution > through the opening of files embedding bad fonts. > > CVE-2010-2642 > A heap-based buffer overflow in the AFM font metrics parser > potentially leads to the execution of arbitrary code. > > CVE-2011-0433 > Another heap-based buffer overflow in the AFM font metrics > parser potentially leads to the execution of arbitrary code. > > CVE-2011-0764 > An invalid pointer dereference allows execution of arbitrary > code using crafted Type 1 fonts. > > CVE-2011-1552 > Another invalid pointer dereference results in an application > crash, triggered by crafted Type 1 fonts. > > CVE-2011-1553 > A use-after-free vulnerability results in an application > crash, triggered by crafted Type 1 fonts. > > CVE-2011-1554 > An off-by-one error results in an invalid memory read and > application crash, triggered by crafted Type 1 fonts. > > For the oldstable distribution (lenny), this problem has been fixed in > version 5.1.2-3+lenny1. > > For the stable distribution (squeeze), this problem has been fixed in > version 5.1.2-3+squeeze1. > > For the testing distribution (wheezy), this problem has been fixed in > version 5.1.2-3.3. > > For the unstable distribution (sid), this problem has been fixed in > version 5.1.2-3.3. > > We recommend that you upgrade your t1lib packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iQEcBAEBAgAGBQJPEqtaAAoJEL97/wQC1SS++s4H/1V+Q5spiTcrjuLqFrwyljqz > YtEtm2jVuZKNJwXmntLA3hpyO6cAbw7yZVfimcJagGb7Vc8PkeCR4L+U7Hl7FGk2 > 4QELdzlMYeM7bJdchBmrmrv0Jd7jhqAek4MMO2gMJyaNxDwnjvWpjWtf1wYzPlJ5 > 3kopGxF0nKf47IsFd6fFwu5mkCl+RwhG5b0JVuyPYqxr2ir64iS3rcMIxCS3yBOc > IgYhNwNW+WQaJP5MwXelLnzkKJJGmugk9SrLaazVlIRGOXu34RZfziByxbQQQCF6 > jGKm2L9ZcWfkDBHsoldEyP1J3WQLNUEqyxzLEib78D/28jEiuAu0GWNCkE+sO78= > =uEYD > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: http://lists.debian.org/[email protected] > >
