Please Install the Updated Packages.

FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and TrueType Font (TTF) font-file format parsers. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, only affected the FreeType 1 library (libttf), shipped in the freetype packages in Red Hat Enterprise Linux 2.1. The FreeType 2 library (libfreetype) is not affected, as it is not compiled with TTF Byte Code Interpreter (BCI) support. Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues.

freetype on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, Red Hat Enterprise Linux ES version 2.1, Red Hat Enterprise Linux WS version 2.1

• https://www.redhat.com/archives/rhsa-announce/2008-June/msg00017.html

---

Updated on 2015-03-25