Date: Mon, 23 Jun 2008 18:09:14 -0700 (PDT) From: Nick Barkas <snb@threerings.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/124917: [patch] security/vuxml add vulnerabilities for freetype2 < 2.3.6 Message-ID: <20080624010914.28A2961DF9@smtp.earth.threerings.net> Resent-Message-ID: <200806240110.m5O1A23L019536@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 124917 >Category: ports >Synopsis: [patch] security/vuxml add vulnerabilities for freetype2 < 2.3.6 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Jun 24 01:10:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Nick Barkas >Release: FreeBSD 6.3-RELEASE-p2 i386 >Organization: Three Rings Design >Environment: System: FreeBSD mail1.earth.threerings.net 6.3-RELEASE-p2 FreeBSD 6.3-RELEASE-p2 #3: Sat May 31 19:44:03 PDT 2008 root@mail1.earth.threerings.net:/usr/obj/usr/src/sys/SMP i386 >Description: FreeType below 2.3.6 has multiple vulnerabilities. This patch adds a VuXML entry to document those. >How-To-Repeat: >Fix: --- vuxml.patch begins here --- --- vuln.xml.orig 2008-06-22 14:08:08.000000000 -0700 +++ vuln.xml 2008-06-23 18:02:59.000000000 -0700 @@ -34,6 +34,58 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="8ae3e5bb-4186-11dd-8a7c-00304835b4b2"> + <topic>FreeType 2 -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>freetype2</name> + <range><lt>2.3.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <blockquote cite="http://secunia.com/advisories/30600">; + <ul> + <li>An integer overflow error exists in the processing of PFB font + files. This can be exploited to cause a heap-based buffer overflow + via a PFB file containing a specially crafted "Private" dictionary + table.</li> + <li>An error in the processing of PFB font files can be exploited to + trigger the "free()" of memory areas that are not allocated on the + heap.</li> + <li>An off-by-one error exists in the processing of PFB font files. + This can be exploited to cause a one-byte heap-based buffer + overflow via a specially crafted PFB file.</li> + <li>An off-by-one error exists in the implementation of the "SHC" + instruction while processing TTF files. This can be exploited to + cause a one-byte heap-based buffer overflow via a specially + crafted TTF file.</li> + </ul> + <p>Successful exploitation of the vulnerabilities may allow execution + of arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <bid>29637</bid> + <bid>29639</bid> + <bid>29640</bid> + <bid>29641</bid> + <cvename>CVE-2008-1806</cvename> + <cvename>CVE-2008-1807</cvename> + <cvename>CVE-2008-1808</cvename> + <url>http://secunia.com/advisories/30600</url>; + <url>http://sourceforge.net/project/shownotes.php?release_id=605780</url>; + <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715</url>; + <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716</url>; + <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717</url>; + </references> + <dates> + <discovery>2008-06-10</discovery> + <entry>2008-06-23</entry> + </dates> + </vuln> + <vuln vid="ee6fa2bd-406a-11dd-936a-0015af872849"> <topic>php -- input validation error in posix_access function</topic> <affects> --- vuxml.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080624010914.28A2961DF9>