Bug 3171 - CVE-2011-3256: FreeType FT_Bitmap_New integer overflow to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas improper input validation
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 1
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
Keywords: validated_update
Reported: 2011-10-24 22:45 CEST by Nicolas Vigier
Modified: 2011-10-28 11:17 CEST
Source RPM: freetype
Description Nicolas Vigier 2011-10-24 22:45:03 CEST
From Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3256

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3256 to
the following vulnerability:

FreeType in CoreGraphics in Apple iOS before 5 allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption) via a
crafted font.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
[2] http://support.apple.com/kb/HT4999
[3] http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Relevant upstream patch:
[4]
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9c98fbf634a83c6ea286395f0e788956eafd5aeb

Corrected in v2.4.7 upstream release:
[5] http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view
[6] http://freetype.sourceforge.net/index2.html#release-freetype-2.4.7
Comment 1 Manuel Hiebel 2011-10-25 12:23:34 CEST
As there is no maintainer of this package, I add the committers in CC.

CC: (none) => anssi.hannula, fundawang, mageia, tmb

Comment 2 Manuel Hiebel 2011-10-26 12:37:04 CEST
I see an update in testing, is the package ready for the QA?

http://www.mageia.org/wiki/doku.php?id=updates_policy#roles
Comment 3 Funda Wang 2011-10-26 14:35:16 CEST
(In reply to comment #2)
> I see an update in testing, is the package ready for the QA?
Yes, please test it.
D Morgan 2011-10-26 14:40:14 CEST

CC: (none) => dmorganec
Assignee: bugsquad => qa-bugs

Manuel Hiebel 2011-10-26 14:56:42 CEST

CC: anssi.hannula, mageia, tmb => (none)

Comment 4 Nicolas Vigier 2011-10-26 15:47:04 CEST
Both versions from core and nonfree need to be tested.
Comment 5 Dave Hodgins 2011-10-27 01:06:07 CEST
Testing complete on i586 for the srpms
freetype2-2.4.4-5.3.mga1.src.rpm
freetype2-2.4.4-5.3.mga1.tainted.src.rpm

Testing done with xpdf.

CC: (none) => davidwhodgins

Comment 6 claire robinson 2011-10-28 11:00:32 CEST
Tested OK x86_64 xpdf

Update validated.

Advisory
-------------------
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3256 to
the following vulnerability:

FreeType in CoreGraphics in Apple iOS before 5 allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption) via a
crafted font.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
[2] http://support.apple.com/kb/HT4999
[3] http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
-------------------

SRPMs
------

freetype2-2.4.4-5.3.mga1.src.rpm
freetype2-2.4.4-5.3.mga1.tainted.src.rpm

Could sysadmin please push from core & tainted testing to updates?

Thank you!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Thomas Backlund 2011-10-28 11:17:11 CEST
Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

