Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2010-0737)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122314

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2010-0737)

Resumen: The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0737 advisory.

Descripción: Summary:
The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0737 advisory.

Vulnerability Insight:
[2.2.1-28]
- Modify freetype-2.2.1-CVE-2010-3054.patch
- Resolves: #638142

[2.2.1-27]
- Add freetype-2.2.1-CVE-2010-2806.patch
(Protect against negative string_size. Fix comparison.)
- Add freetype-2.2.1-CVE-2010-3311.patch
(Don't seek behind end of stream.)
- Add freetype-2.2.1-CVE-2010-3054.patch
(Protect against nested 'seac' calls.)
- Add freetype-2.2.1-CVE-2010-2808.patch
(Check the total length of collected POST segments.)
- Resolves: #638142

Affected Software/OS:
'freetype' package(s) on Oracle Linux 4, Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2806
40816
http://secunia.com/advisories/40816
40982
http://secunia.com/advisories/40982
42285
http://www.securityfocus.com/bid/42285
42314
http://secunia.com/advisories/42314
42317
http://secunia.com/advisories/42317
ADV-2010-2018
http://www.vupen.com/english/advisories/2010/2018
ADV-2010-2106
http://www.vupen.com/english/advisories/2010/2106
ADV-2010-3045
http://www.vupen.com/english/advisories/2010/3045
ADV-2010-3046
http://www.vupen.com/english/advisories/2010/3046
APPLE-SA-2010-11-10-1
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
APPLE-SA-2010-11-22-1
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
RHSA-2010:0736
https://rhn.redhat.com/errata/RHSA-2010-0736.html
RHSA-2010:0737
https://rhn.redhat.com/errata/RHSA-2010-0737.html
RHSA-2010:0864
http://www.redhat.com/support/errata/RHSA-2010-0864.html
USN-972-1
http://www.ubuntu.com/usn/USN-972-1
[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more
http://marc.info/?l=oss-security&m=128111955616772&w=2
http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c06da1ad34663da7b6fc39b030dc3ae185b96557
http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
http://support.apple.com/kb/HT4435
http://support.apple.com/kb/HT4456
http://support.apple.com/kb/HT4457
https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
https://bugzilla.redhat.com/show_bug.cgi?id=621980
https://savannah.nongnu.org/bugs/?30656
Common Vulnerability Exposure (CVE) ID: CVE-2010-2808
[oss-security] 20100806 CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts
http://marc.info/?l=oss-security&m=128110167119337&w=2
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975
https://bugzilla.redhat.com/show_bug.cgi?id=621907
https://savannah.nongnu.org/bugs/?30658
Common Vulnerability Exposure (CVE) ID: CVE-2010-3054
BugTraq ID: 42621
http://www.securityfocus.com/bid/42621
RedHat Security Advisories: RHSA-2010:0736
RedHat Security Advisories: RHSA-2010:0737
http://secunia.com/advisories/48951
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-3311
43700
http://www.securityfocus.com/bid/43700
48951
DSA-2116
http://www.debian.org/security/2010/dsa-2116
MDVSA-2010:201
http://www.mandriva.com/security/advisories?name=MDVSA-2010:201
SUSE-SR:2010:019
USN-1013-1
http://www.ubuntu.com/usn/USN-1013-1
https://bugzilla.redhat.com/show_bug.cgi?id=623625

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122314
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2010-0737)
Resumen:	The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0737 advisory.
Descripción:	Summary: The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0737 advisory. Vulnerability Insight: [2.2.1-28] - Modify freetype-2.2.1-CVE-2010-3054.patch - Resolves: #638142 [2.2.1-27] - Add freetype-2.2.1-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.2.1-CVE-2010-3311.patch (Don't seek behind end of stream.) - Add freetype-2.2.1-CVE-2010-3054.patch (Protect against nested 'seac' calls.) - Add freetype-2.2.1-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Resolves: #638142 Affected Software/OS: 'freetype' package(s) on Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2806 40816 http://secunia.com/advisories/40816 40982 http://secunia.com/advisories/40982 42285 http://www.securityfocus.com/bid/42285 42314 http://secunia.com/advisories/42314 42317 http://secunia.com/advisories/42317 ADV-2010-2018 http://www.vupen.com/english/advisories/2010/2018 ADV-2010-2106 http://www.vupen.com/english/advisories/2010/2106 ADV-2010-3045 http://www.vupen.com/english/advisories/2010/3045 ADV-2010-3046 http://www.vupen.com/english/advisories/2010/3046 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html APPLE-SA-2010-11-22-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html RHSA-2010:0736 https://rhn.redhat.com/errata/RHSA-2010-0736.html RHSA-2010:0737 https://rhn.redhat.com/errata/RHSA-2010-0737.html RHSA-2010:0864 http://www.redhat.com/support/errata/RHSA-2010-0864.html USN-972-1 http://www.ubuntu.com/usn/USN-972-1 [oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more http://marc.info/?l=oss-security&m=128111955616772&w=2 http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c06da1ad34663da7b6fc39b030dc3ae185b96557 http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4456 http://support.apple.com/kb/HT4457 https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019 https://bugzilla.redhat.com/show_bug.cgi?id=621980 https://savannah.nongnu.org/bugs/?30656 Common Vulnerability Exposure (CVE) ID: CVE-2010-2808 [oss-security] 20100806 CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts http://marc.info/?l=oss-security&m=128110167119337&w=2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975 https://bugzilla.redhat.com/show_bug.cgi?id=621907 https://savannah.nongnu.org/bugs/?30658 Common Vulnerability Exposure (CVE) ID: CVE-2010-3054 BugTraq ID: 42621 http://www.securityfocus.com/bid/42621 RedHat Security Advisories: RHSA-2010:0736 RedHat Security Advisories: RHSA-2010:0737 http://secunia.com/advisories/48951 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3311 43700 http://www.securityfocus.com/bid/43700 48951 DSA-2116 http://www.debian.org/security/2010/dsa-2116 MDVSA-2010:201 http://www.mandriva.com/security/advisories?name=MDVSA-2010:201 SUSE-SR:2010:019 USN-1013-1 http://www.ubuntu.com/usn/USN-1013-1 https://bugzilla.redhat.com/show_bug.cgi?id=623625
Copyright	Copyright (C) 2015 Greenbone AG