Note: This is an archival copy of Security Sun Alert 200100 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000084.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
Several security vulnerabilities in the FreeType 2 type engine may allow a local unprivileged user to execute arbitrary commands with the privileges of an application using FreeType 2 as a font service. These vulnerabilities may also allow a remote unprivileged user either to crash applications using FreeType 2 as a font service, which is a Denial of Service (DoS), or to execute arbitrary commands with the privileges of a local user.
More information about the FreeType 2 software font engine is available here:
These issues are also referenced here:
These issues can occur in the following releases:
To determine if FreeType 2 is installed on a system, the following command can be run:
    % pkginfo SUNWfreetype2
    system      SUNWfreetype2 FreeType2 Font library
There are no predictable symptoms that would indicate the described issues have been exploited.
There is no workaround for this issue. Please see the Resolution section below.
These issues are addressed in the following releases: