Referenced CVEs:
CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
Description:
=========================================================== Ubuntu Security Notice USN-643-1 September 11, 2008freetype vulnerabilitiesCVE-2008-1806, CVE-2008-1807, CVE-2008-1808===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.5Ubuntu 7.04: libfreetype6 2.2.1-5ubuntu1.2Ubuntu 7.10: libfreetype6 2.3.5-1ubuntu4.7.10.1Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.1After a standard system upgrade you need to restart your session toeffect the necessary changes.Details follow:Multiple flaws were discovered in the PFB and TTF font handling codein freetype. If a user were tricked into using a specially craftedfont file, a remote attacker could execute arbitrary code with userprivileges or cause the application linked against freetype to crash,leading to a denial of service.
More...
