Note: This is an archival copy of Security Sun Alert 200100 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000084.1.
Article ID : 1000084.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-01-30
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities (Integer Overflows and a Denial of Service) in the FreeType 2 Font Engine



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6425531, 6466790

Date of Workaround Release
26-JAN-2007

Date of Resolved Release
31-JAN-2007

Impact

Several security vulnerabilities in the FreeType 2 type engine may allow a local unprivileged user to be able to execute arbitrary commands with the privileges of an application using FreeType 2 as a font service. These vulnerabilities may also allow a remote unprivileged user to either cause applications using FreeType 2 as a font service to crash (which is a Denial of Service (DoS)) or to execute arbitrary commands with the privileges of a local user.

More information about the FreeType 2 software font engine is available here:

http://savannah.nongnu.org/projects/freetype/

These issues are also referenced here:

CVE-2006-2661 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661

CVE-2006-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

CVE-2006-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747

CVE-2006-3467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 124420-01
  • Solaris 9 without patch 116105-06
  • Solaris 10 without patch 119812-02

x86 Platform

  • Solaris 8 without patch 124421-01
  • Solaris 9 without patch 116106-05
  • Solaris 10 without patch 119813-03

To determine if FreeType 2 is installed on a system, the following command can be run:

    % pkginfo SUNWfreetype2
    system SUNWfreetype2 FreeType2 Font library

Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 124420-01 or later
  • Solaris 9 with patch 116105-06 or later
  • Solaris 10 with patch 119812-02 or later

x86 Platform

  • Solaris 8 with patch 124421-01 or later
  • Solaris 9 with patch 116106-05 or later
  • Solaris 10 with patch 119813-03 or later


Modification History
Date: 29-JAN-2007

29-Jan-2007:

  • Updated Relief/Workaround section

Date: 31-JAN-2007

31-Jan-2007:

  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

119812-02
119813-03
116105-06
116106-05
124420-01
124421-01




Attachments
This solution has no attachment