Risks
Slackware Security Advisory - freetype (SSA:2013-015-01)
[slackware-security] freetype (SSA:2013-015-01)
New freetype packages are available for Slackware 12.1, 12.2, 13.0, 13.1,
13.37, 14.0, and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.4.11-i486-1_slack14.0.txz: Upgraded.
This release fixes several security bugs that could cause freetype to
crash or run programs upon opening a specially crafted file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/freetype-2.4.11
-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/freetype-2.4.11
-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/freetype-2.4.11
-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/freetype-2.4.
11-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/freetype-2.4.11
-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/freetype-2.4.
11-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/freetype-2.4.1
1-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/freetype-2.4
.11-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/freetype-2.4.11
-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/freetype-2.4.
11-x86_64-1_slack14.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.4.11-i
486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/freetype-2.4.
11-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 12.1 package:
4d5295c13a8a4499d0adf3999b3de868 freetype-2.4.11-i486-1_slack12.1.tgz
Slackware 12.2 package:
fd6d0cb912feb28ca1e4ef5afaf4e374 freetype-2.4.11-i486-1_slack12.2.tgz
Slackware 13.0 package:
2d36e3d0feabecf05377265bba7fb212 freetype-2.4.11-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
396fbce466003efe9943b727c3fc8781 freetype-2.4.11-x86_64-1_slack13.0.txz
Slackware 13.1 package:
9e3a839ad4e10824f5e3c4d4ab929787 freetype-2.4.11-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
e4f445a443e2c35349f2862c69ac094e freetype-2.4.11-x86_64-1_slack13.1.txz
Slackware 13.37 package:
9eae4d85099556bd0cf83b2421e751cd freetype-2.4.11-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
0480a082207c0cd323c3937ac36e043a freetype-2.4.11-x86_64-1_slack13.37.txz
Slackware 14.0 package:
5a105c177d2efc56ad13cac3a4e8da10 freetype-2.4.11-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
e07e161d4b9018cc8b8d5cbb98c8b2c5 freetype-2.4.11-x86_64-1_slack14.0.txz
Slackware -current package:
10fa0b771447a25afe289f0e5f4785f6 l/freetype-2.4.11-i486-1.txz
Slackware x86_64 -current package:
d560da3a4928881d89d19ccdafd94e25 l/freetype-2.4.11-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg freetype-2.4.11-i486-1_slack14.0.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
