Ubuntu Security Notice USN-963-1 July 20, 2010
freetype vulnerabilities
CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519,
CVE-2010-2520, CVE-2010-2527
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libfreetype6 2.1.10-1ubuntu2.7
Ubuntu 8.04 LTS:
libfreetype6 2.3.5-1ubuntu4.8.04.3
Ubuntu 9.04:
libfreetype6 2.3.9-4ubuntu0.2
Ubuntu 9.10:
libfreetype6 2.3.9-5ubuntu0.1
Ubuntu 10.04 LTS:
libfreetype6 2.3.11-1ubuntu2.1
After a standard system update you need to restart your session to make
all the necessary changes.
Details follow:
Robert ÅwiÄcki discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could execute arbitrary code with user
privileges.