news 28 Posted June 25, 2012 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] freetype (SSA:2012-176-01) New freetype packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ Since freetype-2.4.8 many fixes were made to better handle invalid fonts. Many of them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144 and SA48320) so all users should upgrade. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/freetype-2.4.10-i486-1_slack11.0.tgz Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/freetype-2.4.10-i486-1_slack12.0.tgz Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/freetype-2.4.10-i486-1_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/freetype-2.4.10-i486-1_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/freetype-2.4.10-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/freetype-2.4.10-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/freetype-2.4.10-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/freetype-2.4.10-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/freetype-2.4.10-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/freetype-2.4.10-x86_64-1_slack13.37.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.4.10-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/freetype-2.4.10-x86_64-1.txz MD5 signatures: +-------------+ Slackware 11.0 package: 740e8dcfabaeff661ab42316495ab324 freetype-2.4.10-i486-1_slack11.0.tgz Slackware 12.0 package: 254ec70c308b104f79810b3a3b5bb79a freetype-2.4.10-i486-1_slack12.0.tgz Slackware 12.1 package: 58e6699ef9b09abbbc0c17b8793357d9 freetype-2.4.10-i486-1_slack12.1.tgz Slackware 12.2 package: e4a4ba0aad57006f03e5e6f81f0e3a8d freetype-2.4.10-i486-1_slack12.2.tgz Slackware 13.0 package: c6f2ab74f96c9bb03e2abe3b0e031283 freetype-2.4.10-i486-1_slack13.0.txz Slackware x86_64 13.0 package: b1a0ad100d3cb146055e8752a8be1452 freetype-2.4.10-x86_64-1_slack13.0.txz Slackware 13.1 package: f13024720917072696ca5ba2f6e98763 freetype-2.4.10-i486-1_slack13.1.txz Slackware x86_64 13.1 package: cebc333382fc66e5fbd6097ac55db359 freetype-2.4.10-x86_64-1_slack13.1.txz Slackware 13.37 package: 01ae6eee15c5971c154fe3766c1b031a freetype-2.4.10-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 47519986902baeec97e3fdfa39d3a629 freetype-2.4.10-x86_64-1_slack13.37.txz Slackware -current package: b292822ba1322020d6f35639ba5890d4 l/freetype-2.4.10-i486-1.txz Slackware x86_64 -current package: d012790aad587a2a4fc8fce1f4597199 l/freetype-2.4.10-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg freetype-2.4.10-i486-1_slack13.37.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+ Share this post Link to post