Bug 3171

Summary: CVE-2011-3256: FreeType FT_Bitmap_New integer overflow to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas improper input validation
Product: Mageia
Reporter: Nicolas Vigier <boklm>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: davidwhodgins, dmorganec, fundawang, sysadmin-bugs, tmb
Version: 1
Keywords: validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: freetype
CVE:
Status comment:

Description Nicolas Vigier 2011-10-24 22:45:03 CEST
From Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3256

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3256 to
the following vulnerability:

FreeType in CoreGraphics in Apple iOS before 5 allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption) via a
crafted font.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
[2] http://support.apple.com/kb/HT4999
[3] http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Relevant upstream patch:
[4] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9c98fbf634a83c6ea286395f0e788956eafd5aeb

Corrected in v2.4.7 upstream release:
[5] http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view
[6] http://freetype.sourceforge.net/index2.html#release-freetype-2.4.7
Comment 1 Manuel Hiebel 2011-10-25 12:23:34 CEST
As there is no maintainer of this package, I add the committers in CC.

CC: (none) => anssi.hannula, fundawang, mageia, tmb

Comment 2 Manuel Hiebel 2011-10-26 12:37:04 CEST
I see an update in testing, is the package ready for QA?

http://www.mageia.org/wiki/doku.php?id=updates_policy#roles
Comment 3 Funda Wang 2011-10-26 14:35:16 CEST
(In reply to comment #2)
> I see an update in testing, is the package ready for QA?
Yes, please test it.
D Morgan 2011-10-26 14:40:14 CEST

CC: (none) => dmorganec
Assignee: bugsquad => qa-bugs

Manuel Hiebel 2011-10-26 14:56:42 CEST

CC: anssi.hannula, mageia, tmb => (none)

Comment 4 Nicolas Vigier 2011-10-26 15:47:04 CEST
Both versions from core and nonfree need to be tested.
Comment 5 Dave Hodgins 2011-10-27 01:06:07 CEST
Testing complete on i586 for the srpms
freetype2-2.4.4-5.3.mga1.src.rpm
freetype2-2.4.4-5.3.mga1.tainted.src.rpm

Testing done with xpdf.

CC: (none) => davidwhodgins

Comment 6 claire robinson 2011-10-28 11:00:32 CEST
Tested OK x86_64 xpdf

Update validated.

Advisory
-------------------
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3256 to
the following vulnerability:

FreeType in CoreGraphics in Apple iOS before 5 allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption) via a
crafted font.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
[2] http://support.apple.com/kb/HT4999
[3] http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
-------------------

SRPMs
------

freetype2-2.4.4-5.3.mga1.src.rpm
freetype2-2.4.4-5.3.mga1.tainted.src.rpm

Could sysadmin please push from core & tainted testing to updates?

Thank you!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Thomas Backlund 2011-10-28 11:17:11 CEST
Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED