Ubuntu Security Notice USN-972-1 August 17, 2010
freetype vulnerabilities
CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806,
CVE-2010-2807, CVE-2010-2808
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libfreetype6 2.1.10-1ubuntu2.8
Ubuntu 8.04 LTS:
libfreetype6 2.3.5-1ubuntu4.8.04.4
Ubuntu 9.04:
libfreetype6 2.3.9-4ubuntu0.3
Ubuntu 9.10:
libfreetype6 2.3.9-5ubuntu0.2
Ubuntu 10.04 LTS:
libfreetype6 2.3.11-1ubuntu2.2
After a standard system update you need to restart your session to make
all the necessary changes.
Details follow:
It was discovered that FreeType did not correctly handle certain malformed
font files. If a user were tricked into using a specially crafted font
file, a remote attacker could cause FreeType to crash or possibly execute
arbitrary code with user privileges.