首页 -> 安全研究
安全研究
安全漏洞
FreeType LWFN文件处理远程缓冲区溢出漏洞
发布日期:2006-05-19
更新日期:2006-11-17
受影响系统:
FreeType FreeType < 2.2.1不受影响系统:
VMWare ESX Server 2.5.4
VMWare ESX Server 2.5.3
VMWare ESX Server 2.1.3
VMWare ESX Server 2.0.2
FreeType FreeType 2.2.1描述:
BUGTRAQ ID: 18034
CVE(CAN) ID: CVE-2006-1861,CVE-2006-3467
FreeType是一个流行的字体函数库。
FreeType在处理PCF字体时存在整数溢出,远程攻击者可能利用此漏洞在用户机器上执行任意指令。
如果用户受骗使用链接到FreeType的应用程序加载了特制的字体文件的话,就会导致拒绝服务或执行任意代码。
<*来源:Chris Evans (chris@ferret.lmh.ox.ac.uk)
链接:http://secunia.com/advisories/22907/
http://secunia.com/advisories/22875/
http://www.debian.org/security/2006/dsa-1193
http://www.debian.org/security/2006/dsa-1178
http://www.auscert.org.au/render.html?it=6500
http://lwn.net/Alerts/196519
http://lwn.net/Alerts/196520
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102714-1
https://www.redhat.com/support/errata/RHSA-2009-0329.html
https://www.redhat.com/support/errata/RHSA-2009-1062.html
http://www.gentoo.org/security/en/glsa/glsa-201006-01.xml
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1178-1)以及相应补丁:
DSA-1178-1:New freetype packages fix execution of arbitrary code
链接:http://www.debian.org/security/2005/dsa-1178
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.dsc
Size/MD5 checksum: 754 76dbe18b57a53fac328a1f8e00f54bd0
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.diff.gz
Size/MD5 checksum: 57568 860e9383bba7d853ce6f758c239e89ed
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
Size/MD5 checksum: 1245623 991ff86e88b075ba363e876f4ea58680
Alpha architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_alpha.deb
Size/MD5 checksum: 88180 697811d9160b950b3d73682701f14e3c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_alpha.deb
Size/MD5 checksum: 422838 635b31efebdb8fb192f7ee717a5e79f1
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_alpha.deb
Size/MD5 checksum: 784368 3d90ddefa034bae14101e1f9057efda7
AMD64 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_amd64.deb
Size/MD5 checksum: 76242 73b70a41effc140791d6b58cf8d3a103
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_amd64.deb
Size/MD5 checksum: 390236 6b1c46c525b13bf78e6aa6adfe876300
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_amd64.deb
Size/MD5 checksum: 723742 e8cfab359664bd05c9606e21b632c9d6
ARM architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_arm.deb
Size/MD5 checksum: 58734 5535bb49abfbdb3a9add023c2f21fe07
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_arm.deb
Size/MD5 checksum: 352880 7dcc3438f6e69b8956244f3946038897
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_arm.deb
Size/MD5 checksum: 714518 6cae07f317c33b3f2f5de4e6209b3154
HP Precision architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_hppa.deb
Size/MD5 checksum: 80772 94c00e9be0020ec69779bb2961dedcc2
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_hppa.deb
Size/MD5 checksum: 407420 32967b0b193f09fdbfcf1a0f55cff736
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_hppa.deb
Size/MD5 checksum: 734434 7cb208545154507cf3462af986575e35
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_i386.deb
Size/MD5 checksum: 63190 5c65822f534a53c3f88c72cc32253f37
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_i386.deb
Size/MD5 checksum: 364858 555ba61fec5d41a3759f08bc330b9dff
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_i386.deb
Size/MD5 checksum: 695074 81249aa29df653e228162b59f55da8a3
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_ia64.deb
Size/MD5 checksum: 102616 8cfcca90b20054ab717d669c1109166c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_ia64.deb
Size/MD5 checksum: 493792 eea2110b00ae876e0621365278628865
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_ia64.deb
Size/MD5 checksum: 844018 2351fd3f7be66cea09bb68ae99407805
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_m68k.deb
Size/MD5 checksum: 43862 a0ad63b48cef0fcd6d620e9eea56dcfd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_m68k.deb
Size/MD5 checksum: 359672 e66cdcceff0149866934d8330a10be7f
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_m68k.deb
Size/MD5 checksum: 678786 2c12367dd397823d71c58ecc4db0f4a5
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mips.deb
Size/MD5 checksum: 91804 d14ecf530fa28216f71937d98baaaab6
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mips.deb
Size/MD5 checksum: 384572 5dde54f093153caa592e20757e478199
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mips.deb
Size/MD5 checksum: 742438 d0bcd379d23db5f38f7718f4337d3227
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mipsel.deb
Size/MD5 checksum: 91522 9c36563692b17dcfc1a98c3e8d7e97ab
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mipsel.deb
Size/MD5 checksum: 376512 ceed1298a93acb941d3c0af2c282764e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mipsel.deb
Size/MD5 checksum: 735774 fd948760267718e195c78dd2e24215f2
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_powerpc.deb
Size/MD5 checksum: 81976 8fcc45ef341f6c9eb0e62f0b33f0b00a
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_powerpc.deb
Size/MD5 checksum: 379578 eaf219ba8b48fcce91c5118188c0b418
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_powerpc.deb
Size/MD5 checksum: 730094 a6d4471fdd1f7ad1f5f625b35d1f79ed
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_s390.deb
Size/MD5 checksum: 76228 ac7a5773d28f83d09d0e0918916e8ddf
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_s390.deb
Size/MD5 checksum: 400188 d93224537dea195ad6d642d6b1bd0cfd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_s390.deb
Size/MD5 checksum: 752482 ca8df04a75ef0a814b5cad469b9ad024
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_sparc.deb
Size/MD5 checksum: 68420 1cd0b5cc3fcb62ac0ef639467fba9ebc
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_sparc.deb
Size/MD5 checksum: 364098 95e28187528ecd25b87a6ad7475c056b
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_sparc.deb
Size/MD5 checksum: 699966 8cf12c5209c6ff1d703166a638e5775d
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2009:1062-01)以及相应补丁:
RHSA-2009:1062-01:Important: freetype security update
链接:https://www.redhat.com/support/errata/RHSA-2009-1062.html
SGI
---
SGI已经为此发布了一个安全公告(20060701-01-U)以及相应补丁:
20060701-01-U:SGI Advanced Linux Environment 3 Security Update #60
链接:ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc
Sun
---
Sun已经为此发布了一个安全公告(Sun-Alert-102714)以及相应补丁:
Sun-Alert-102714:Security Vulnerability With Integer Multiplication Within libXfont Affects Solaris X11 Servers
链接:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102714-1
VMWare
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.vmware.com/download/esx/esx-253-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-202-200610-patch.html
Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA 201006-01)以及相应补丁:
GLSA 201006-01:FreeType 1: User-assisted execution of arbitrary code
链接:http://www.gentoo.org/security/en/glsa/glsa-201006-01.xml
FreeType
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://prdownloads.sourceforge.net/freetype/freetype-2.2.1.tar.bz2?download
浏览次数:3437
严重程度:0(网友投票)
绿盟科技给您安全的保障