[sflack-security] freetype (SFSA:2007-109-01)

[sflack-security]  freetype (SFSA:2007-109-01)

New x11 and/or freetype and fontconfig packages are available for
Sflack 11.0, and -current to fix security issues in freetype.
Freetype was packaged with X11 prior to Sflack version 11.0.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.3.4-x86_64-1_sflack11.0.tgz:
Fixed an overflow parsing BDF fonts.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+
Also see the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated packages for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/fontconfig-2.4.2-x86_64-1_sflack11.0.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/freetype-2.3.4-x86_64-1_sflack11.0.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/x11-7.1-x86_64-3_sflack11.0.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/x11-devel-7.1-x86_64-3_sflack11.0.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/x11-xdmx-7.1-x86_64-3_sflack11.0.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/x11-xnest-7.1-x86_64-3_sflack11.0.tgz
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/x11-xvfb-7.1-x86_64-3_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/l/freetype-2.3.4-x86_64-1.tgz


MD5 signatures:
+-------------+
Sflack 11.0 packages:
c1c5b8b10a7f751b8424902c2ea4c448 fontconfig-2.4.2-x86_64-1_sflack11.0.tgz
57685b28062b07a84b1a5f97ad3ec02d freetype-2.3.4-x86_64-1_sflack11.0.tgz
d338e3793691bfe7d54b57792412183a x11-7.1-x86_64-3_sflack11.0.tgz
52122e5f3b3e33d3d4850840d129ba77 x11-devel-7.1-x86_64-3_sflack11.0.tgz
3d315e5bbac4a2a8999d45f0876c6c88 x11-xdmx-7.1-x86_64-3_sflack11.0.tgz
20c2ad2a7b7142a0d6f3ae41bae0c68d x11-xnest-7.1-x86_64-3_sflack11.0.tgz
63175566c24bb907128e1cd230eac513 x11-xvfb-7.1-x86_64-3_sflack11.0.tgz

Sflack -current package:
e37bde7696812341354b94fef81e4b91 freetype-2.3.4-x86_64-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg fontconfig-2.4.2-x86_64-1_sflack11.0.tgz
freetype-2.3.4-x86_64-1_sflack11.0.tgz x11-7.1-x86_64-3_sflack11.0.tgz
x11-devel-7.1-x86_64-3_sflack11.0.tgz
x11-xdmx-7.1-x86_64-3_sflack11.0.tgz
x11-xnest-7.1-x86_64-3_sflack11.0.tgz
x11-xvfb-7.1-x86_64-3_sflack11.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com