
Test ID: 1.3.6.1.4.1.25623.1.0.123157
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2015-0696)
Summary: The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2015-0696 advisory.
Description:
Summary:
The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2015-0696 advisory.

Vulnerability Insight:
[2.3.11-15.el6_6.1]
- Fixes CVE-2014-9657
- Check minimum size of record_size.
- Fixes CVE-2014-9658
- Use correct value for minimum table length test.
- Fixes CVE-2014-9675
- New macro that checks one character more than strncmp.
- Fixes CVE-2014-9660
- Check _BDF_GLYPH_BITS.
- Fixes CVE-2014-9661
- Initialize face->ttf_size.
- Always set face->ttf_size directly.
- Exclusively use the truetype font driver for loading the font contained in the sfnts array.
- Fixes CVE-2014-9663
- Fix order of validity tests.
- Fixes CVE-2014-9664
- Add another boundary testing.
- Fix boundary testing.
- Fixes CVE-2014-9667
- Protect against addition overflow.
- Fixes CVE-2014-9669
- Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
- Add sanity checks for row and column values.
- Fixes CVE-2014-9671
- Check size and offset values.
- Fixes CVE-2014-9673
- Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
- Fix integer overflow by a broken POST table in resource-fork.
- Additional overflow check in the summation of POST fragment lengths.
- Work around behaviour of X11s pcfWriteFont and pcfReadFont functions
- Resolves: #1197737

[2.3.11-15]
- Fix CVE-2012-5669
(Use correct array size for checking glyph_enc)
- Resolves: #903543

Affected Software/OS:
'freetype' package(s) on Oracle Linux 6, Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9657
BugTraq ID: 72986
http://www.securityfocus.com/bid/72986
Debian Security Information: DSA-3188
http://www.debian.org/security/2015/dsa-3188
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
https://security.gentoo.org/glsa/201503-05
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
http://code.google.com/p/google-security-research/issues/detail?id=195
RedHat Security Advisories: RHSA-2015:0696
http://rhn.redhat.com/errata/RHSA-2015-0696.html
SuSE Security Announcement: openSUSE-SU-2015:0627
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9658
http://code.google.com/p/google-security-research/issues/detail?id=194
Common Vulnerability Exposure (CVE) ID: CVE-2014-9660
http://code.google.com/p/google-security-research/issues/detail?id=188
Common Vulnerability Exposure (CVE) ID: CVE-2014-9661
http://code.google.com/p/google-security-research/issues/detail?id=187
http://packetstormsecurity.com/files/134396/FreeType-2.5.3-Type42-Parsing-Use-After-Free.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9663
http://code.google.com/p/google-security-research/issues/detail?id=184
Common Vulnerability Exposure (CVE) ID: CVE-2014-9664
http://code.google.com/p/google-security-research/issues/detail?id=183
Common Vulnerability Exposure (CVE) ID: CVE-2014-9667
http://code.google.com/p/google-security-research/issues/detail?id=166
Common Vulnerability Exposure (CVE) ID: CVE-2014-9669
http://code.google.com/p/google-security-research/issues/detail?id=163
Common Vulnerability Exposure (CVE) ID: CVE-2014-9670
http://code.google.com/p/google-security-research/issues/detail?id=158
Common Vulnerability Exposure (CVE) ID: CVE-2014-9671
http://code.google.com/p/google-security-research/issues/detail?id=157
Common Vulnerability Exposure (CVE) ID: CVE-2014-9673
http://code.google.com/p/google-security-research/issues/detail?id=154
Common Vulnerability Exposure (CVE) ID: CVE-2014-9674
Debian Security Information: DSA-3461
http://www.debian.org/security/2016/dsa-3461
http://code.google.com/p/google-security-research/issues/detail?id=153
Common Vulnerability Exposure (CVE) ID: CVE-2014-9675
http://code.google.com/p/google-security-research/issues/detail?id=151
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.