oss-security July 2011 archive

[oss-security] CVE request and info: freetype flaw to jailbreak iphone

From: Vincent Danen <vdanen_at_nospam>
Date: Sat Jul 16 2011 - 18:53:52 GMT
To: oss-security@lists.openwall.com

I'm not sure if this has received a CVE name or not (if it did, it was
likely assigned to iOS specifically and not freetype).

It looks like the flaw used to jailbreak the iphone was in freetype's
PS type1 font handling.

I've taken a quick look, but am by no means a C guy, but the code paths
are different in freetype 2.2.x and it looks as though 2.3.11 at least
(so perhaps all of 2.3.x?) is affected. The Secunia report indicates
2.4.5 and possibly older versions.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=722701
http://secunia.com/advisories/45167
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html

-- Vincent Danen / Red Hat Security Response Team