Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file. For the oldstable distribution (etch), this problem has been fixed in version 2.2.1-5+etch4. For the stable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny1. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.3.9-4.1. We recommend that you upgrade your freetype packages.
Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.
For the oldstable distribution (etch), this problem has been fixed in version 2.2.1-5+etch4.
For the stable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 2.3.9-4.1.
We recommend that you upgrade your freetype packages.
MD5 checksums of the listed files are available in the original advisory.