
Test ID: 1.3.6.1.4.1.25623.1.0.64018
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:0329
Summary: Redhat Security Advisory RHSA-2009:0329
Description:
The remote host is missing updates to FreeType announced in
advisory RHSA-2009:0329.

Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)

Chris Evans discovered multiple integer overflow flaws in the FreeType font
engine. If a user loaded a carefully-crafted font file with an application
linked against FreeType, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2006-1861)

An integer overflow flaw was found in the way the FreeType font engine
processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2007-2754)

A flaw was discovered in the FreeType TTF font-file format parser when the
TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user
loaded a carefully-crafted font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2008-1808)

The CVE-2008-1808 flaw did not affect the freetype packages as distributed
in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType
BCI support. A fix for this flaw has been included in this update as users
may choose to recompile the freetype packages in order to enable TrueType
BCI support. Red Hat does not, however, provide support for modified and
recompiled packages.

Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,
and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,
and RHSA-2008:0556 respectively. This update provides corresponding
updates for the FreeType 1 font engine, included in the freetype packages
distributed in Red Hat Enterprise Linux 3 and 4.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0329.html
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/support/policy/soc/production/

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-1861
Bugtraq: 20060612 rPSA-2006-0100-1 freetype
http://www.securityfocus.com/archive/1/archive/1/436836/100/0/threaded
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Debian Security Information: DSA-1095
http://www.debian.org/security/2006/dsa-1095
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html
http://security.gentoo.org/glsa/glsa-200607-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
http://www.redhat.com/support/errata/RHSA-2006-0500.html
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
SGI Security Advisory: 20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
SuSE Security Announcement: SUSE-SA:2006:037
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
SuSE Security Announcement: SUSE-SR:2007:021
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.ubuntulinux.org/support/documentation/usn/usn-291-1
BugTraq ID: 18034
http://www.securityfocus.com/bid/18034
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9124
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://secunia.com/advisories/35233
http://www.vupen.com/english/advisories/2006/1868
http://www.vupen.com/english/advisories/2007/0381
http://securitytracker.com/id?1016522
http://secunia.com/advisories/20100
http://secunia.com/advisories/20525
http://secunia.com/advisories/20591
http://secunia.com/advisories/20638
http://secunia.com/advisories/20791
http://secunia.com/advisories/21000
http://secunia.com/advisories/21062
http://secunia.com/advisories/21135
http://secunia.com/advisories/21385
http://secunia.com/advisories/21701
http://secunia.com/advisories/23939
http://secunia.com/advisories/27162
http://secunia.com/advisories/27167
http://secunia.com/advisories/27271
http://secunia.com/advisories/33937
XForce ISS Database: freetype-lwfn-overflow(26553)
http://xforce.iss.net/xforce/xfdb/26553
Common Vulnerability Exposure (CVE) ID: CVE-2007-2754
Bugtraq: 20070524 FLEA-2007-0020-1: freetype
http://www.securityfocus.com/archive/1/archive/1/469463/100/200/threaded
Bugtraq: 20070613 FLEA-2007-0025-1: openoffice.org
http://www.securityfocus.com/archive/1/archive/1/471286/30/6180/threaded
http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Debian Security Information: DSA-1302
http://www.debian.org/security/2007/dsa-1302
Debian Security Information: DSA-1334
http://www.debian.org/security/2007/dsa-1334
http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml
http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:121
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html
http://www.redhat.com/support/errata/RHSA-2007-0403.html
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1
SuSE Security Announcement: SUSE-SA:2007:041
http://www.novell.com/linux/security/advisories/2007_41_freetype2.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-466-1
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 24074
http://www.securityfocus.com/bid/24074
http://osvdb.org/36509
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11325
http://secunia.com/advisories/35074
http://www.vupen.com/english/advisories/2007/1894
http://www.vupen.com/english/advisories/2007/2229
http://www.vupen.com/english/advisories/2008/0049
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5532
http://www.securitytracker.com/id?1018088
http://secunia.com/advisories/25350
http://secunia.com/advisories/25386
http://secunia.com/advisories/25353
http://secunia.com/advisories/25463
http://secunia.com/advisories/25483
http://secunia.com/advisories/25612
http://secunia.com/advisories/25609
http://secunia.com/advisories/25654
http://secunia.com/advisories/25705
http://secunia.com/advisories/25894
http://secunia.com/advisories/25905
http://secunia.com/advisories/25808
http://secunia.com/advisories/26129
http://secunia.com/advisories/26305
http://secunia.com/advisories/28298
http://secunia.com/advisories/30161
http://www.vupen.com/english/advisories/2009/1297
Common Vulnerability Exposure (CVE) ID: CVE-2008-1808
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
Bugtraq: 20080814 rPSA-2008-0255-1 freetype
http://www.securityfocus.com/archive/1/archive/1/495497/100/0/threaded
Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/usn-643-1
BugTraq ID: 29637
http://www.securityfocus.com/bid/29637
BugTraq ID: 29639
http://www.securityfocus.com/bid/29639
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11188
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2558
http://www.vupen.com/english/advisories/2008/2525
http://securitytracker.com/id?1020240
http://secunia.com/advisories/30600
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30721
http://secunia.com/advisories/30821
http://secunia.com/advisories/30819
http://secunia.com/advisories/30967
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/31823
http://secunia.com/advisories/31577
http://secunia.com/advisories/31479
Common Vulnerability Exposure (CVE) ID: CVE-2009-0946
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Debian Security Information: DSA-1784
http://www.debian.org/security/2009/dsa-1784
http://security.gentoo.org/glsa/glsa-200905-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:243
http://www.redhat.com/support/errata/RHSA-2009-1061.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
SuSE Security Announcement: SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.ubuntu.com/usn/USN-767-1
BugTraq ID: 34550
http://www.securityfocus.com/bid/34550
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10149
http://secunia.com/advisories/34723
http://secunia.com/advisories/34913
http://secunia.com/advisories/34967
http://secunia.com/advisories/35065
http://secunia.com/advisories/35198
http://secunia.com/advisories/35210
http://secunia.com/advisories/35379
http://www.vupen.com/english/advisories/2009/1058
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com


© 1998-2016 E-Soft Inc. All rights reserved.