Security Vulnerabilities (Integer Overflows and a Denial of Service) in the FreeType 2 Font Engine



Category: Security
Release Phase: Resolved
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Bug Id: 6425531, 6466790
Date of Workaround Release: 26-JAN-2007
Date of Resolved Release: 31-JAN-2007


Impact

Several security vulnerabilities in the FreeType 2 font engine may allow a local unprivileged user to execute arbitrary commands with the privileges of an application that uses FreeType 2 as a font service. These vulnerabilities may also allow a remote unprivileged user either to crash applications that use FreeType 2 as a font service (a Denial of Service (DoS)) or to execute arbitrary commands with the privileges of a local user.

More information about the FreeType 2 software font engine is available here:

http://savannah.nongnu.org/projects/freetype/

These issues are also referenced here:

CVE-2006-2661 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661

CVE-2006-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861

CVE-2006-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747

CVE-2006-3467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

x86 Platform

To determine if FreeType 2 is installed on a system, the following command can be run:

    % pkginfo SUNWfreetype2
    system SUNWfreetype2 FreeType2 Font library

Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

These issues are addressed in the following releases:

SPARC Platform

x86 Platform




Modification History


Date: 29-JAN-2007

  • Updated Relief/Workaround section

Date: 31-JAN-2007

  • Updated Contributing Factors and Resolution sections
  • State: Resolved



Attachments
This solution has no attachment

 
 
Article Details

Article ID: 200100
Article Type: Sun Alert
Last reviewed: 2007-01-31
Audience: PUBLIC