Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56947
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2006:099 (freetype2)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to freetype2
announced via advisory MDKSA-2006:099.

Integer underflow in Freetype before 2.2 allows remote attackers to cause
a denial of service (crash) via a font file with an odd number of blue
values, which causes the underflow when decrementing by 2 in a context
that assumes an even number of values. (CVE-2006-0747)

Multiple integer overflows in FreeType before 2.2 allow remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code via
attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c,
(3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file
in base/ftmac.c. (CVE-2006-1861)

Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial
of service (crash) via a crafted font file that triggers a null dereference.
(CVE-2006-2661)

In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious
bug in ttkern.c that caused some programs to go into an infinite loop when
dealing with fonts that don't have a properly sorted kerning sub-table.
This patch is not applicable to the earlier Mandriva releases.

Packages have been patched to correct this issue.

Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:099

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-0747
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 18326
http://www.securityfocus.com/bid/18326
Bugtraq: 20060612 rPSA-2006-0100-1 freetype (Google Search)
http://www.securityfocus.com/archive/1/436836/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-1095 (Google Search)
http://www.debian.org/security/2006/dsa-1095
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9508
http://www.redhat.com/support/errata/RHSA-2006-0500.html
http://securitytracker.com/id?1016522
http://secunia.com/advisories/20525
http://secunia.com/advisories/20591
http://secunia.com/advisories/20638
http://secunia.com/advisories/20791
http://secunia.com/advisories/21062
http://secunia.com/advisories/21135
http://secunia.com/advisories/21385
http://secunia.com/advisories/21701
http://secunia.com/advisories/23939
http://secunia.com/advisories/35074
SGI Security Advisory: 20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
SuSE Security Announcement: SUSE-SA:2006:037 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
https://usn.ubuntu.com/291-1/
http://www.vupen.com/english/advisories/2007/0381
http://www.vupen.com/english/advisories/2009/1297
Common Vulnerability Exposure (CVE) ID: CVE-2006-1861
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 18034
http://www.securityfocus.com/bid/18034
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html
http://security.gentoo.org/glsa/glsa-200607-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
http://secunia.com/advisories/20100
http://secunia.com/advisories/21000
http://secunia.com/advisories/27162
http://secunia.com/advisories/27167
http://secunia.com/advisories/27271
http://secunia.com/advisories/33937
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://secunia.com/advisories/35233
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.vupen.com/english/advisories/2006/1868
XForce ISS Database: freetype-lwfn-overflow(26553)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26553
Common Vulnerability Exposure (CVE) ID: CVE-2006-2661
BugTraq ID: 18329
http://www.securityfocus.com/bid/18329
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11692
http://securitytracker.com/id?1016520
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.