ID de Prueba:	1.3.6.1.4.1.25623.1.0.68336
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:201 (freetype2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to freetype2 announced via advisory MDVSA-2010:201. A vulnerability was discovered and corrected in freetype2: Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797 (CVE-2010-3311). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:201 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1797 http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html BugTraq ID: 42151 http://www.securityfocus.com/bid/42151 http://www.exploit-db.com/exploits/14538 http://www.f-secure.com/weblog/archives/00002002.html http://osvdb.org/66828 http://secunia.com/advisories/40807 http://secunia.com/advisories/40816 http://secunia.com/advisories/40982 http://secunia.com/advisories/48951 http://www.ubuntu.com/usn/USN-972-1 http://www.vupen.com/english/advisories/2010/2018 http://www.vupen.com/english/advisories/2010/2106 XForce ISS Database: appleios-pdf-code-execution(60856) https://exchange.xforce.ibmcloud.com/vulnerabilities/60856 Common Vulnerability Exposure (CVE) ID: CVE-2010-3311 43700 http://www.securityfocus.com/bid/43700 48951 DSA-2116 http://www.debian.org/security/2010/dsa-2116 MDVSA-2010:201 http://www.mandriva.com/security/advisories?name=MDVSA-2010:201 RHSA-2010:0736 https://rhn.redhat.com/errata/RHSA-2010-0736.html RHSA-2010:0737 https://rhn.redhat.com/errata/RHSA-2010-0737.html RHSA-2010:0864 http://www.redhat.com/support/errata/RHSA-2010-0864.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html USN-1013-1 http://www.ubuntu.com/usn/USN-1013-1 https://bugzilla.redhat.com/show_bug.cgi?id=623625
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.