受影响系统：

FreeType FreeType < 2.2.1

不受影响系统：

FreeType FreeType 2.2.1

描述：

---

BUGTRAQ  ID: 18034
CVE(CAN) ID: CVE-2006-1861,CVE-2006-3467
FreeType是一个流行的字体函数库。
FreeType在处理PCF字体时存在整数溢出，远程攻击者可能利用此漏洞在用户机器上执行任意指令。
如果用户受骗使用链接到FreeType的应用程序加载了特制的字体文件的话，就会导致拒绝服务或执行任意代码。
<*来源：Chris Evans （chris@ferret.lmh.ox.ac.uk）

链接：http://secunia.com/advisories/22907/
http://www.debian.org/security/2005/dsa-1193
http://www.debian.org/security/2005/dsa-1178
http://www.auscert.org.au/render.html?it=6500
http://lwn.net/Alerts/196519
http://lwn.net/Alerts/196520
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102714-1
*>
建议：

---

厂商补丁：
Debian
------
Debian已经为此发布了一个安全公告（DSA-1178-1）以及相应补丁:
DSA-1178-1：New freetype packages fix execution of arbitrary code
链接：http://www.debian.org/security/2005/dsa-1178
补丁下载：
Source archives:
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.dsc
Size/MD5 checksum:      754 76dbe18b57a53fac328a1f8e00f54bd0
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.diff.gz
Size/MD5 checksum:    57568 860e9383bba7d853ce6f758c239e89ed
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
Size/MD5 checksum:  1245623 991ff86e88b075ba363e876f4ea58680
Alpha architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_alpha.deb
Size/MD5 checksum:    88180 697811d9160b950b3d73682701f14e3c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_alpha.deb
Size/MD5 checksum:   422838 635b31efebdb8fb192f7ee717a5e79f1
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_alpha.deb
Size/MD5 checksum:   784368 3d90ddefa034bae14101e1f9057efda7
AMD64 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_amd64.deb
Size/MD5 checksum:    76242 73b70a41effc140791d6b58cf8d3a103
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_amd64.deb
Size/MD5 checksum:   390236 6b1c46c525b13bf78e6aa6adfe876300
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_amd64.deb
Size/MD5 checksum:   723742 e8cfab359664bd05c9606e21b632c9d6
ARM architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_arm.deb
Size/MD5 checksum:    58734 5535bb49abfbdb3a9add023c2f21fe07
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_arm.deb
Size/MD5 checksum:   352880 7dcc3438f6e69b8956244f3946038897
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_arm.deb
Size/MD5 checksum:   714518 6cae07f317c33b3f2f5de4e6209b3154
HP Precision architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_hppa.deb
Size/MD5 checksum:    80772 94c00e9be0020ec69779bb2961dedcc2
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_hppa.deb
Size/MD5 checksum:   407420 32967b0b193f09fdbfcf1a0f55cff736
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_hppa.deb
Size/MD5 checksum:   734434 7cb208545154507cf3462af986575e35
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_i386.deb
Size/MD5 checksum:    63190 5c65822f534a53c3f88c72cc32253f37
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_i386.deb
Size/MD5 checksum:   364858 555ba61fec5d41a3759f08bc330b9dff
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_i386.deb
Size/MD5 checksum:   695074 81249aa29df653e228162b59f55da8a3
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_ia64.deb
Size/MD5 checksum:   102616 8cfcca90b20054ab717d669c1109166c
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_ia64.deb
Size/MD5 checksum:   493792 eea2110b00ae876e0621365278628865
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_ia64.deb
Size/MD5 checksum:   844018 2351fd3f7be66cea09bb68ae99407805
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_m68k.deb
Size/MD5 checksum:    43862 a0ad63b48cef0fcd6d620e9eea56dcfd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_m68k.deb
Size/MD5 checksum:   359672 e66cdcceff0149866934d8330a10be7f
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_m68k.deb
Size/MD5 checksum:   678786 2c12367dd397823d71c58ecc4db0f4a5
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mips.deb
Size/MD5 checksum:    91804 d14ecf530fa28216f71937d98baaaab6
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mips.deb
Size/MD5 checksum:   384572 5dde54f093153caa592e20757e478199
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mips.deb
Size/MD5 checksum:   742438 d0bcd379d23db5f38f7718f4337d3227
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mipsel.deb
Size/MD5 checksum:    91522 9c36563692b17dcfc1a98c3e8d7e97ab
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mipsel.deb
Size/MD5 checksum:   376512 ceed1298a93acb941d3c0af2c282764e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mipsel.deb
Size/MD5 checksum:   735774 fd948760267718e195c78dd2e24215f2
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_powerpc.deb
Size/MD5 checksum:    81976 8fcc45ef341f6c9eb0e62f0b33f0b00a
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_powerpc.deb
Size/MD5 checksum:   379578 eaf219ba8b48fcce91c5118188c0b418
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_powerpc.deb
Size/MD5 checksum:   730094 a6d4471fdd1f7ad1f5f625b35d1f79ed
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_s390.deb
Size/MD5 checksum:    76228 ac7a5773d28f83d09d0e0918916e8ddf
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_s390.deb
Size/MD5 checksum:   400188 d93224537dea195ad6d642d6b1bd0cfd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_s390.deb
Size/MD5 checksum:   752482 ca8df04a75ef0a814b5cad469b9ad024
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_sparc.deb
Size/MD5 checksum:    68420 1cd0b5cc3fcb62ac0ef639467fba9ebc
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_sparc.deb
Size/MD5 checksum:   364098 95e28187528ecd25b87a6ad7475c056b
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_sparc.deb
Size/MD5 checksum:   699966 8cf12c5209c6ff1d703166a638e5775d
补丁安装方法：
1. 手工安装补丁包：
首先，使用下面的命令来下载补丁软件：
# wget url  (url是补丁下载链接地址)
然后，使用下面的命令来安装补丁：  
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包：
首先，使用下面的命令更新内部数据库：
# apt-get update

然后，使用下面的命令安装更新软件包：
# apt-get upgrade
RedHat
------
RedHat已经为此发布了一个安全公告（RHSA-2006:0635-01）以及相应补丁:
RHSA-2006:0635-01：Important: XFree86 security update
链接：http://lwn.net/Alerts/196520
SGI
---
SGI已经为此发布了一个安全公告（20060701-01-U）以及相应补丁:
20060701-01-U：SGI Advanced Linux Environment 3 Security Update #60
链接：ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc
Sun
---
Sun已经为此发布了一个安全公告（Sun-Alert-102714）以及相应补丁:
Sun-Alert-102714：Security Vulnerability With Integer Multiplication Within libXfont Affects Solaris X11 Servers
链接：http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102714-1
FreeType
--------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
http://prdownloads.sourceforge.net/freetype/freetype-2.2.1.tar.bz2?download

责任编辑 赵毅 zhaoyi#51cto.com TEL:（010）68476636-8001