漏洞描述
FreeType是一个流行的字体函数库。
FreeType 2.4.9之前版本在实现上存在多个堆缓冲区溢出漏洞、栈缓冲区溢出漏洞和拒绝服务漏洞,远程攻击者可利用这些漏洞执行任意代码或造成拒绝服务。
解决方法
以下是各Linux/Unix发行版系统针对此漏洞发布的安全公告,可以参考对应系统的安全公告修复该漏洞:
Ubuntu
----------------
USN-1403-1: [USN-1403-1] FreeType vulnerabilities
链接: https://www.ubuntu.com/usn/usn-1403-1
Red Hat Enterprise Linux
----------------
链接: https://access.redhat.com/security/cve/CVE-2012-1134
CentOS
----------------
CESA-2012:0467: CESA-2012:0467 Important CentOS 5 freetype Update
链接: https://lists.centos.org/pipermail/centos-announce/2012-April/018559.html
CESA-2012:0467: CESA-2012:0467 Important CentOS 6 freetype Update
链接: https://lists.centos.org/pipermail/centos-announce/2012-April/018563.html
Gentoo
----------------
GLSA-201204-04: FreeType: Multiple vulnerabilities
链接: https://security.gentoo.org/glsa/201204-04
FreeBSD
----------------
380e8c56-8e32-11e1-9580-4061862b8c22: mozilla -- multiple vulnerabilities
链接: http://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html
462e2d6c-8017-11e1-a571-bcaec565249c: freetype -- multiple vulnerabilities
链接: http://vuxml.freebsd.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html
openSUSE
----------------
openSUSE-SU-2012:0489-1: openSUSE Security Update: freetype2 update
链接: https://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html
SUSE
----------------
链接: https://www.suse.com/security/cve/CVE-2012-1134/
Oracle Linux
----------------
链接: https://linux.oracle.com/cve/CVE-2012-1134.html
Debian
----------------
DSA-2428: DSA-2428-1 freetype -- several vulnerabilities
链接: https://www.debian.org/security/2012/dsa-2428