========================================================================== Ubuntu Security Notice USN-1267-1 November 18, 2011 freetype vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: FreeType could be made to crash or run programs as your login if it opened a specially crafted font file. Software Description: - freetype: FreeType 2 is a font engine library Details: It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3256) It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3439) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libfreetype6 2.4.4-2ubuntu1.1 Ubuntu 11.04: libfreetype6 2.4.4-1ubuntu2.2 Ubuntu 10.10: libfreetype6 2.4.2-2ubuntu0.3 Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.5 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.7 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1267-1 CVE-2011-3256, CVE-2011-3439 Package Information: https://launchpad.net/ubuntu/+source/freetype/2.4.4-2ubuntu1.1 https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.2 https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.3 https://launchpad.net/ubuntu/+source/freetype/2.3.11-1ubuntu2.5 https://launchpad.net/ubuntu/+source/freetype/2.3.5-1ubuntu4.8.04.7