Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:149 (freetype2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68264

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:149 (freetype2)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to freetype2
announced via advisory MDVSA-2010:149.

A vulnerability has been discovered and corrected in freetype2:

Multiple stack overflow flaws have been reported in the way FreeType
font rendering engine processed certain CFF opcodes. An attacker
could use these flaws to create a specially-crafted font file that,
when opened, would cause an application linked against libfreetype
to crash, or, possibly execute arbitrary code (CVE-2010-1797).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:149

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1797
http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
BugTraq ID: 42151
http://www.securityfocus.com/bid/42151
http://www.exploit-db.com/exploits/14538
http://www.f-secure.com/weblog/archives/00002002.html
http://osvdb.org/66828
http://secunia.com/advisories/40807
http://secunia.com/advisories/40816
http://secunia.com/advisories/40982
http://secunia.com/advisories/48951
http://www.ubuntu.com/usn/USN-972-1
http://www.vupen.com/english/advisories/2010/2018
http://www.vupen.com/english/advisories/2010/2106
XForce ISS Database: appleios-pdf-code-execution(60856)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68264
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:149 (freetype2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to freetype2 announced via advisory MDVSA-2010:149. A vulnerability has been discovered and corrected in freetype2: Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, when opened, would cause an application linked against libfreetype to crash, or, possibly execute arbitrary code (CVE-2010-1797). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:149 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1797 http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html BugTraq ID: 42151 http://www.securityfocus.com/bid/42151 http://www.exploit-db.com/exploits/14538 http://www.f-secure.com/weblog/archives/00002002.html http://osvdb.org/66828 http://secunia.com/advisories/40807 http://secunia.com/advisories/40816 http://secunia.com/advisories/40982 http://secunia.com/advisories/48951 http://www.ubuntu.com/usn/USN-972-1 http://www.vupen.com/english/advisories/2010/2018 http://www.vupen.com/english/advisories/2010/2106 XForce ISS Database: appleios-pdf-code-execution(60856) https://exchange.xforce.ibmcloud.com/vulnerabilities/60856
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com