USN-767-1: FreeType vulnerability

27 April 2009

FreeType vulnerability

Releases

Packages

  • freetype -

Details

Tavis Ormandy discovered that FreeType did not correctly handle certain
large values in font files. If a user were tricked into using a specially
crafted font file, a remote attacker could execute arbitrary code with user
privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

After a standard system upgrade you need to restart your session to effect
the necessary changes.

References