Mandrake Security Advisory MDVSA-2009:243-1 (freetype2)

The remote host is missing an update to freetype2 announced via advisory MDVSA-2009:243-1.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem. Update: Correct a problem in the 2009.1 update of the lzw handling code. Affected: 2009.1