[SECURITY] Fedora 7 Update: t1lib-5.1.1-3.fc7
updates at fedoraproject.org
updates at fedoraproject.org
Fri Sep 28 21:21:43 UTC 2007
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2343
2007-09-28 21:21:40.573461
--------------------------------------------------------------------------------
Name : t1lib
Product : Fedora 7
Version : 5.1.1
Release : 3.fc7
URL : ftp://sunsite.unc.edu/pub/Linux/libs/graphics
Summary : PostScript Type 1 font rasterizer
Description :
T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports
rotation and transformation, kerning underlining and antialiasing. It
does not depend on X11, but does provides some special functions for
X11.
AFM-files can be generated from Type 1 font files and font subsetting
is possible.
--------------------------------------------------------------------------------
Update Information:
This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection, as the overflow is strcat() call which is protected.
This update has a patch that avoids the call where the overflow would occur.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 27 2007 José Matos <jamatos[AT]fc.up.pt> - 5.1.1-3
- Apply patch to fix CVE-2007-4033
* Tue Aug 28 2007 José Matos <jamatos[AT]fc.up.pt> - 5.1.1-2
- License fix, rebuild for devel (F8).
* Thu Jun 7 2007 José Matos <jamatos[AT]fc.up.pt> - 5.1.1-1
- Update to 5.1.1.
- Remove t1lib-5.1.0-destdir.patch (applied upstream).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #303021 - CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
https://bugzilla.redhat.com/show_bug.cgi?id=303021
[ 2 ] CVE-2007-4033
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033
--------------------------------------------------------------------------------
Updated packages:
81bdcde6dbf9b9e4130544fd2493434671c1fee2 t1lib-debuginfo-5.1.1-3.fc7.ppc64.rpm
c64f11e4f89f6b065ec0a6d236e9e2df4cc03c60 t1lib-devel-5.1.1-3.fc7.ppc64.rpm
b2d8aca754e8ac5d1345b509a24e0b47780dc221 t1lib-5.1.1-3.fc7.ppc64.rpm
4175603f9f32a2c5a2bcf3f528225e4c64a1f10b t1lib-devel-5.1.1-3.fc7.i386.rpm
6547e77817fe39768d94ebba3b704109ac741ca4 t1lib-debuginfo-5.1.1-3.fc7.i386.rpm
6bdca51e734f299be7b4073f8416c9851c5ee7f5 t1lib-5.1.1-3.fc7.i386.rpm
a643ae032988f1d53406f90f5456df5cd6a6496a t1lib-devel-5.1.1-3.fc7.x86_64.rpm
8d4d24ad8845891523022444b15b9a8c9b8ab6a5 t1lib-debuginfo-5.1.1-3.fc7.x86_64.rpm
8f430463ca8d524a87afa181338dc71fc80fb18f t1lib-5.1.1-3.fc7.x86_64.rpm
756e1c529f5906ea7703ba04acf53996e40b5bfb t1lib-devel-5.1.1-3.fc7.ppc.rpm
a21ab52ec28700e51cc9c23760604ce00cba54af t1lib-debuginfo-5.1.1-3.fc7.ppc.rpm
ebdb0c258c02e084d1f4da873c0d3a85464c560b t1lib-5.1.1-3.fc7.ppc.rpm
23be7d55b85d68cdcd9cfeca3a297caca8b217aa t1lib-5.1.1-3.fc7.src.rpm
This update can be installed with the "yum" update program. Use
su -c 'yum update t1lib'
at the command line. For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list