22 May 2007, 12:41

Security hole in FreeType

Manipulated True Type fonts could cause an integer overflow in the FreeType library, leading to subsequent arbitrary code execution. Applications such as web browsers that are linked to the library may either crash when trying to integrate manipulated TTF files or execute arbitrary code with user privileges.

The FreeType developers have already fixed this bug in the function TT_Load_Simple_Glyph() from the file ttgload.c in the version control system. So far, Linux distributors have not provided updated FreeType packages. Users are advised to install them immediately as soon as they are available.

Channels

Services

Security hole in FreeType

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit