[SECURITY] Fedora 7 Update: t1lib-5.1.1-3.fc7

updates at fedoraproject.org updates at fedoraproject.org
Fri Sep 28 21:21:43 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2343
2007-09-28 21:21:40.573461
--------------------------------------------------------------------------------

Name        : t1lib
Product     : Fedora 7
Version     : 5.1.1
Release     : 3.fc7
URL         : ftp://sunsite.unc.edu/pub/Linux/libs/graphics
Summary     : PostScript Type 1 font rasterizer
Description :
T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports
rotation and transformation, kerning underlining and antialiasing. It
does not depend on X11, but does provides some special functions for
X11.

AFM-files can be generated from Type 1 font files and font subsetting
is possible.

--------------------------------------------------------------------------------
Update Information:

This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection, as the overflow is strcat() call which is protected.

This update has a patch that avoids the call where the overflow would occur.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 27 2007 José Matos <jamatos[AT]fc.up.pt> - 5.1.1-3
- Apply patch to fix CVE-2007-4033
* Tue Aug 28 2007 José Matos <jamatos[AT]fc.up.pt> - 5.1.1-2
- License fix, rebuild for devel (F8).
* Thu Jun  7 2007 José Matos <jamatos[AT]fc.up.pt> - 5.1.1-1
- Update to 5.1.1.
- Remove t1lib-5.1.0-destdir.patch (applied upstream).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #303021 - CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
        https://bugzilla.redhat.com/show_bug.cgi?id=303021
  [ 2 ] CVE-2007-4033
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033
--------------------------------------------------------------------------------
Updated packages:

81bdcde6dbf9b9e4130544fd2493434671c1fee2 t1lib-debuginfo-5.1.1-3.fc7.ppc64.rpm
c64f11e4f89f6b065ec0a6d236e9e2df4cc03c60 t1lib-devel-5.1.1-3.fc7.ppc64.rpm
b2d8aca754e8ac5d1345b509a24e0b47780dc221 t1lib-5.1.1-3.fc7.ppc64.rpm
4175603f9f32a2c5a2bcf3f528225e4c64a1f10b t1lib-devel-5.1.1-3.fc7.i386.rpm
6547e77817fe39768d94ebba3b704109ac741ca4 t1lib-debuginfo-5.1.1-3.fc7.i386.rpm
6bdca51e734f299be7b4073f8416c9851c5ee7f5 t1lib-5.1.1-3.fc7.i386.rpm
a643ae032988f1d53406f90f5456df5cd6a6496a t1lib-devel-5.1.1-3.fc7.x86_64.rpm
8d4d24ad8845891523022444b15b9a8c9b8ab6a5 t1lib-debuginfo-5.1.1-3.fc7.x86_64.rpm
8f430463ca8d524a87afa181338dc71fc80fb18f t1lib-5.1.1-3.fc7.x86_64.rpm
756e1c529f5906ea7703ba04acf53996e40b5bfb t1lib-devel-5.1.1-3.fc7.ppc.rpm
a21ab52ec28700e51cc9c23760604ce00cba54af t1lib-debuginfo-5.1.1-3.fc7.ppc.rpm
ebdb0c258c02e084d1f4da873c0d3a85464c560b t1lib-5.1.1-3.fc7.ppc.rpm
23be7d55b85d68cdcd9cfeca3a297caca8b217aa t1lib-5.1.1-3.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update t1lib' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list