The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library that can open and manage font files, as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.
{"nessus": [{"lastseen": "2022-03-27T15:31:04", "description": "- Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-7\n\n - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-2\n\n 
- Second try. Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-22T00:00:00", "type": "nessus", "title": "Fedora 12 : freetype-2.3.11-7.fc12 (2010-17755)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311", "CVE-2010-3855"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-17755.NASL", "href": "https://www.tenable.com/plugins/nessus/50672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17755.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50672);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"FEDORA\", value:\"2010-17755\");\n\n script_name(english:\"Fedora 12 : freetype-2.3.11-7.fc12 (2010-17755)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-7\n\n - Add 
freetype-2.3.11-CVE-2010-3855.patch (Protect\n against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-2\n\n - Second try. 
Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=645275\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2109caa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"freetype-2.3.11-7.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:30:50", "description": "- Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-7\n\n - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. 
Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-22T00:00:00", "type": "nessus", "title": "Fedora 13 : freetype-2.3.11-7.fc13 (2010-17728)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311", "CVE-2010-3855"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-17728.NASL", "href": "https://www.tenable.com/plugins/nessus/50670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17728.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50670);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"FEDORA\", value:\"2010-17728\");\n\n script_name(english:\"Fedora 13 : freetype-2.3.11-7.fc13 (2010-17728)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-7\n\n - Add freetype-2.3.11-CVE-2010-3855.patch (Protect\n against invalid `runcnt' values.)\n\n - Resolves: #651764\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add 
freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=645275\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6094cd6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"freetype-2.3.11-7.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:38:14", "description": "- Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. 
Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-2\n\n - Second try. Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com> 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-02T00:00:00", "type": "nessus", "title": "Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-15785.NASL", "href": "https://www.tenable.com/plugins/nessus/50437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15785.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50437);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\");\n script_bugtraq_id(41663, 42151, 42241, 42285, 43700);\n script_xref(name:\"FEDORA\", value:\"2010-15785\");\n\n script_name(english:\"Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n 
comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-3\n\n - Add freetype-2.3.11-more-demos.patch\n\n - New demo programs ftmemchk, ftpatchk, and fttimer\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-2\n\n - Second try. Drop upstreamed patches.\n\n - Thu Dec 3 2009 Behdad Esfahbod <behdad at redhat.com>\n 2.3.11-1\n\n - 2.3.11\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=614557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050203.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e475a250\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"freetype-2.3.11-6.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:36:46", "description": "- Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. 
Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-20T00:00:00", "type": "nessus", "title": "Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-15705.NASL", "href": "https://www.tenable.com/plugins/nessus/50026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15705.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50026);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\");\n script_bugtraq_id(41663, 42241, 42285, 43700);\n script_xref(name:\"FEDORA\", value:\"2010-15705\");\n\n script_name(english:\"Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add 
freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=614557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b04ead5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"freetype-2.3.11-6.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-17T15:18:04", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", 
"CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBFREETYPE6-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/75578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libfreetype6-2918.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75578);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)\");\n script_summary(english:\"Check for the libfreetype6-2918 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - CVE-2010-1797: stack-based buffer overflow while\n processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: 
buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing\n certain LWFN fonts\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libfreetype6-2.3.12-7.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.3.12-7.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:40:00", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)\n\n - integer underflow. 
(CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. (CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)", "cvss3": {"score": null, "vector": null}, "published": "2010-12-02T00:00:00", "type": "nessus", "title": "SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:freetype2", "p-cpe:/a:novell:suse_linux:11:freetype2-32bit", "p-cpe:/a:novell:suse_linux:11:freetype2-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FREETYPE2-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/50905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50905);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - stack-based buffer overflow while processing CFF\n opcodes. (CVE-2010-1797)\n\n - integer underflow. (CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. 
(CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2805.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2806.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2807.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2808.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2914 / 2919 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"freetype2-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", 
reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:34:11", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)\n\n - integer underflow. (CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. 
(CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)", "cvss3": {"score": null, "vector": null}, "published": "2010-08-27T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12630)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12630.NASL", "href": "https://www.tenable.com/plugins/nessus/48900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48900);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12630)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - stack-based buffer overflow while processing CFF\n opcodes. (CVE-2010-1797)\n\n - integer underflow. 
(CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. (CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2805.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2806.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2808.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12630.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, 
\"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.23\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.23\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201008121257\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201008121257\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:36:49", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)\n\n - integer underflow. (CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. 
(CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)", "cvss3": {"score": null, "vector": null}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FREETYPE2-7121.NASL", "href": "https://www.tenable.com/plugins/nessus/49854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49854);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - stack-based buffer overflow while processing CFF\n opcodes. (CVE-2010-1797)\n\n - integer underflow. 
(CVE-2010-2497)\n\n - invalid free. (CVE-2010-2498)\n\n - buffer overflow. (CVE-2010-2499)\n\n - integer overflow. (CVE-2010-2500)\n\n - heap buffer overflow. (CVE-2010-2519)\n\n - heap buffer overflow. (CVE-2010-2520)\n\n - buffer overflows in the freetype demo. (CVE-2010-2527)\n\n - buffer overflow in ftmulti demo program. (CVE-2010-2541)\n\n - improper bounds checking. (CVE-2010-2805)\n\n - improper bounds checking. (CVE-2010-2806)\n\n - improper type comparisons. (CVE-2010-2807)\n\n - memory corruption flaw by processing certain LWFN fonts.\n (CVE-2010-2808)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2805.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2806.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2808.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7121.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, 
\"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"freetype2-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"freetype2-devel-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freetype2-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freetype2-devel-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:52", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper 
bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts", "cvss3": {"score": null, "vector": null}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2", "p-cpe:/a:novell:opensuse:freetype2-32bit", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_FREETYPE2-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/48755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freetype2-2913.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48755);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)\");\n script_summary(english:\"Check for the freetype2-2913 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - CVE-2010-1797: stack-based buffer overflow while\n processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing\n certain LWFN fonts\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", 
value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"freetype2-2.3.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", 
reference:\"freetype2-devel-2.3.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.9-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.3.9-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:53", "description": "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :\n\n - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts", "cvss3": {"score": null, "vector": null}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2021-01-14T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:freetype2", "p-cpe:/a:novell:opensuse:freetype2-32bit", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_FREETYPE2-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/48753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freetype2-2913.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48753);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)\");\n script_summary(english:\"Check for the freetype2-2913 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freetype2 fixes several vulnerabilities that could lead\nto remote system compromise by executing arbitrary code with user\nprivileges :\n\n - CVE-2010-1797: stack-based buffer overflow while\n processing CFF opcodes\n\n - CVE-2010-2497: integer underflow\n\n - CVE-2010-2498: invalid free\n\n - CVE-2010-2499: buffer overflow\n\n - CVE-2010-2500: integer overflow\n\n - CVE-2010-2519: heap buffer overflow\n\n - CVE-2010-2520: heap buffer overflow\n\n - CVE-2010-2527: buffer overflows in the freetype demo\n\n - CVE-2010-2541: buffer overflow in ftmulti demo program\n\n - 
CVE-2010-2805: improper bounds checking\n\n - CVE-2010-2806: improper bounds checking\n\n - CVE-2010-2807: improper type comparisons\n\n - CVE-2010-2808: memory corruption flaw by processing\n certain LWFN fonts\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=619562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"freetype2-2.3.7-24.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"freetype2-devel-2.3.7-24.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-24.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.3.7-24.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:49", 
"description": "Robert Swiecki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-21T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:freetype2-demos", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-963-1.NASL", "href": "https://www.tenable.com/plugins/nessus/47778", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-963-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47778);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_bugtraq_id(41663, 60750);\n script_xref(name:\"USN\", value:\"963-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Swiecki discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could execute arbitrary\ncode with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/963-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype2-demos, libfreetype6 and / or\nlibfreetype6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, 
Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"freetype2-demos\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6-dev\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6-dev\", 
pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-demos / libfreetype6 / libfreetype6-dev\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:12:45", "description": "From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. 
The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel", "p-cpe:/a:oracle:linux:freetype-utils", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/68075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# Oracle Linux Security Advisory ELSA-2010-0578 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68075);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat 
Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001572.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001573.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:33:33", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. 
It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. 
(CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-02T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : freetype (RHSA-2010:0578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "p-cpe:/a:redhat:enterprise_linux:freetype-utils", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/48212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48212);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"RHEL 4 / 5 : freetype (RHSA-2010:0578)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. 
(CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0578\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0578\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:09:15", "description": "An invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.\n\nFile List", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype for SL4 , SL5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100730_FREETYPE_FOR_SL4.NASL", "href": "https://www.tenable.com/plugins/nessus/60825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60825);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n\n script_name(english:\"Scientific Linux Security Update : freetype for SL4 , SL5\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. 
If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\nFile List\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=3474\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ba5fda\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", 
reference:\"freetype-debuginfo-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-debuginfo-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:34:58", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. 
If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : freetype (CESA-2010:0578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/48217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# CentOS Errata and Security Advisory 2010:0578 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48217);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"CentOS 4 / 5 : freetype (CESA-2010:0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as 
having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016854.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9d2110d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb8b8ddf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016884.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b78c705f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016885.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fecd5c92\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:03:48", "description": "Robert 
Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo programs.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-15T00:00:00", "type": "nessus", "title": "Debian DSA-2070-1 : freetype - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2070.NASL", "href": "https://www.tenable.com/plugins/nessus/47735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2070. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47735);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_bugtraq_id(41663);\n script_xref(name:\"DSA\", value:\"2070\");\n\n script_name(english:\"Debian DSA-2070-1 : freetype - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Swiecki discovered several vulnerabilities in the FreeType font\nlibrary, which could lead to the execution of arbitrary code if 
a\nmalformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo\nprograms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2070\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the freetype packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"freetype2-demos\", reference:\"2.3.7-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6\", reference:\"2.3.7-2+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6-dev\", reference:\"2.3.7-2+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T13:58:44", "description": "The remote host is affected by the vulnerability described in GLSA-201201-09 (FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-24T00:00:00", "type": "nessus", "title": "GLSA-201201-09 : FreeType: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3311", "CVE-2010-3814", "CVE-2010-3855", "CVE-2011-0226", "CVE-2011-3256", "CVE-2011-3439"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201201-09.NASL", "href": "https://www.tenable.com/plugins/nessus/57651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201201-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57651);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\", \"CVE-2010-3814\", \"CVE-2010-3855\", \"CVE-2011-0226\", \"CVE-2011-3256\", \"CVE-2011-3439\");\n script_bugtraq_id(41663, 42151, 42241, 42285, 42621, 42624, 43700, 44214, 44643, 48619, 50155, 50643);\n script_xref(name:\"GLSA\", value:\"201201-09\");\n\n script_name(english:\"GLSA-201201-09 : FreeType: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201201-09\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font,\n possibly resulting in the remote execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201201-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.4.8\"), vulnerable:make_list(\"lt 2.4.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:49", "description": "Multiple vulnerabilities has been found and corrected in freetype2 :\n\nMultiple integer underflows/overflows and heap buffer overflows was discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519).\n\nA heap buffer overflow was discovered in the bytecode support. The bytecode support is NOT enabled per default in Mandriva due to previous patent claims, but packages by PLF is affected (CVE-2010-2520).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:libfreetype6", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-137.NASL", "href": "https://www.tenable.com/plugins/nessus/48195", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:137.
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48195);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\");\n script_bugtraq_id(41663);\n script_xref(name:\"MDVSA\", value:\"2010:137\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:137)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in freetype2 :\n\nMultiple integer underflows/overflows and heap buffer overflows was\ndiscovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,\nCVE-2010-2500, CVE-2010-2519).\n\nA heap buffer overflow was discovered in the bytecode support. The\nbytecode support is NOT enabled per default in Mandriva due to\nprevious patent claims, but packages by PLF is affected\n(CVE-2010-2520).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/bugs/index.php?30361\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", 
reference:\"lib64freetype6-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.5-2.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.7-1.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", 
reference:\"libfreetype6-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.9-1.3mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.11-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, 
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:38:55", "description": "Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.\n\nIt was found that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2805, CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. 
(CVE-2010-2806)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-18T00:00:00", "type": "nessus", "title": "RHEL 6 : freetype (RHSA-2010:0864)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-debuginfo", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0864.NASL", "href": "https://www.tenable.com/plugins/nessus/50636", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0864. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50636);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\");\n script_bugtraq_id(42285, 43700);\n script_xref(name:\"RHSA\", value:\"2010:0864\");\n\n script_name(english:\"RHEL 6 : freetype (RHSA-2010:0864)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide the FreeType 2 font engine.\n\nIt was found that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2805, CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. 
If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0864\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0864\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"freetype-2.3.11-6.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"freetype-debuginfo-2.3.11-6.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"freetype-demos-2.3.11-6.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"freetype-demos-2.3.11-6.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"freetype-demos-2.3.11-6.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"freetype-devel-2.3.11-6.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / freetype-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:06:56", "description": "It was found 
that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2805, CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. 
(CVE-2010-2806)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nThe X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101110_FREETYPE_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60890);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2010-2805, CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=2582\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b40e30fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype, freetype-demos and / or freetype-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"freetype-2.3.11-6.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freetype-demos-2.3.11-6.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freetype-devel-2.3.11-6.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:34:33", "description": "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-18T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:freetype2-demos", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-972-1.NASL", "href": "https://www.tenable.com/plugins/nessus/48361", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-972-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48361);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n script_bugtraq_id(42241, 42285, 60740);\n script_xref(name:\"USN\", value:\"972-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that FreeType did not correctly handle certain\nmalformed font files. If a user were tricked into using a specially\ncrafted font file, a remote attacker could cause FreeType to crash or\npossibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/972-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype2-demos, libfreetype6 and / or\nlibfreetype6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/17\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"freetype2-demos\", pkgver:\"2.1.10-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6\", pkgver:\"2.1.10-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6-dev\", pkgver:\"2.1.10-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.5-1ubuntu4.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.5-1ubuntu4.8.04.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-4ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-4ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-4ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.11-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.11-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-demos / libfreetype6 / libfreetype6-dev\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:34:58", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-17T00:00:00", "type": "nessus", "title": "CentOS 3 : freetype (CESA-2010:0577)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/48343", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0577 and \n# CentOS Errata and Security Advisory 2010:0577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48343);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"CentOS 3 : freetype (CESA-2010:0577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?122b5a41\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016921.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a85b27d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-demos-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-utils-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:09:14", "description": "FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nWe would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100730_FREETYPE_ON_SL3.NASL", "href": "https://www.tenable.com/plugins/nessus/60826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60826);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL3\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"FreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. 
If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nWe would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=77\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?627cc76b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:34:34", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. 
These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-02T00:00:00", "type": "nessus", "title": "RHEL 3 : freetype (RHSA-2010:0577)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/48211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0577. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48211);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"RHEL 3 : freetype (RHSA-2010:0577)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. 
If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0577\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0577\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-2.1.4-15.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:12:43", "description": "From Red Hat Security Advisory 2010:0577 :\n\nUpdated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : freetype (ELSA-2010-0577)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-devel", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/68074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0577 and \n# Oracle Linux Security Advisory ELSA-2010-0577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68074);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"Oracle Linux 3 : freetype (ELSA-2010-0577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0577 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001574.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:35:58", "description": "Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-1797 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe.\n\n - CVE-2010-2541 Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.\n\n - CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.\n\n - CVE-2010-2806 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.\n\n - CVE-2010-2807 FreeType uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.\n\n - CVE-2010-2808 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute 
arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.\n\n - CVE-2010-3053 bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-09T00:00:00", "type": "nessus", "title": "Debian DSA-2105-1 : freetype - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2105.NASL", "href": "https://www.tenable.com/plugins/nessus/49150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2105. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49150);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\");\n script_bugtraq_id(42241, 42285, 42624);\n script_xref(name:\"DSA\", value:\"2105\");\n\n script_name(english:\"Debian DSA-2105-1 : freetype - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the FreeType font\nlibrary. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2010-1797\n Multiple stack-based buffer overflows in the\n cff_decoder_parse_charstrings function in the CFF Type2\n CharStrings interpreter in cff/cffgload.c in FreeType\n allow remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via\n crafted CFF opcodes in embedded fonts in a PDF document,\n as demonstrated by JailbreakMe.\n\n - CVE-2010-2541\n Buffer overflow in ftmulti.c in the ftmulti demo program\n in FreeType allows remote attackers to cause a denial of\n service (application crash) or possibly execute\n arbitrary code via a crafted font file.\n\n - CVE-2010-2805\n The FT_Stream_EnterFrame function in base/ftstream.c in\n FreeType does not properly validate certain position\n values, which allows remote attackers to cause a denial\n of service (application crash) or possibly execute\n arbitrary code via a crafted font file.\n\n - CVE-2010-2806\n Array index error in the 
t42_parse_sfnts function in\n type42/t42parse.c in FreeType allows remote attackers to\n cause a denial of service (application crash) or\n possibly execute arbitrary code via negative size values\n for certain strings in FontType42 font files, leading to\n a heap-based buffer overflow.\n\n - CVE-2010-2807\n FreeType uses incorrect integer data types during bounds\n checking, which allows remote attackers to cause a\n denial of service (application crash) or possibly\n execute arbitrary code via a crafted font file.\n\n - CVE-2010-2808\n Buffer overflow in the Mac_Read_POST_Resource function\n in base/ftobjs.c in FreeType allows remote attackers to\n cause a denial of service (memory corruption and\n application crash) or possibly execute arbitrary code\n via a crafted Adobe Type 1 Mac Font File (aka LWFN)\n font.\n\n - CVE-2010-3053\n bdf/bdflib.c in FreeType allows remote attackers to\n cause a denial of service (application crash) via a\n crafted BDF font file, related to an attempted\n modification of a value in a static string.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.debian.org/security/2010/dsa-2105\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the freetype package.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny3\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"freetype2-demos\", reference:\"2.3.7-2+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6\", reference:\"2.3.7-2+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6-dev\", reference:\"2.3.7-2+lenny3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:14:01", "description": "From Red Hat Security Advisory 2010:0737 :\n\nUpdated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. 
The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : freetype (ELSA-2010-0737)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3054", "CVE-2010-3311"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel", "p-cpe:/a:oracle:linux:freetype-utils", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0737.NASL", "href": "https://www.tenable.com/plugins/nessus/68108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0737 and \n# Oracle Linux Security Advisory ELSA-2010-0737 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68108);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0737\");\n\n script_name(english:\"Oracle Linux 4 / 5 : freetype (ELSA-2010-0737)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0737 :\n\nUpdated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001668.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001669.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-17.el4.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-28.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:36:31", "description": "Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. 
It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash. 
(CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-06T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : freetype (RHSA-2010:0737)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3054", "CVE-2010-3311"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "p-cpe:/a:redhat:enterprise_linux:freetype-utils", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0737.NASL", "href": "https://www.tenable.com/plugins/nessus/49749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0737. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49749);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0737\");\n\n script_name(english:\"RHEL 4 / 5 : freetype (RHSA-2010:0737)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. 
If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0737\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0737\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-17.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-17.el4.8\")) flag++;\n\n if 
(rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-17.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-17.el4.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-2.2.1-28.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-devel-2.2.1-28.el5_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:37:45", "description": "Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. 
The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-06T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : freetype (CESA-2010:0737)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3054", "CVE-2010-3311"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0737.NASL", "href": "https://www.tenable.com/plugins/nessus/49716", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0737 and \n# CentOS Errata and Security Advisory 2010:0737 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49716);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0737\");\n\n script_name(english:\"CentOS 4 / 5 : freetype (CESA-2010:0737)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017033.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5694265b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017034.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59d11cc1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017039.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a09b256\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017040.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dcb84293\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-demos-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-devel-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-utils-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.9-17.el4.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-28.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:06:08", "description": "It was 
discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808) (SLF4 and SLF5 only)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash. 
(CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nThe X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3054", "CVE-2010-3311"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101004_FREETYPE_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60861);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. 
If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808) (SLF4 and SLF5 only)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. 
(CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=78\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dff9571a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-demos-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-utils-2.1.4-18.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-17.el4.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-28.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:28:51", "description": "A vulnerability was discovered and corrected in freetype2 :\n\nMarc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797 (CVE-2010-3311).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nThe updated packages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-14T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797", "CVE-2010-3311"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:libfreetype6", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-201.NASL", "href": "https://www.tenable.com/plugins/nessus/49971", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:201. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49971);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3311\");\n script_bugtraq_id(43700);\n script_xref(name:\"MDVSA\", value:\"2010:201\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:201)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in freetype2 :\n\nMarc Schoenefeld found an input stream position error in the way\nFreeType font rendering engine processed input file streams. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType and relevant font glyphs were subsequently rendered\nwith the X FreeType library (libXft), it could cause the application\nto crash or, possibly execute arbitrary code (integer overflow leading\nto heap-based buffer overflow in the libXft library) with the\nprivileges of the user running the application. Different\nvulnerability than CVE-2010-1797 (CVE-2010-3311).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.7-1.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.7-1.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.7-1.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.7-1.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.7-1.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.7-1.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.9-1.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.9-1.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.9-1.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", 
reference:\"libfreetype6-2.3.9-1.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.9-1.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.9-1.6mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.11-1.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.11-1.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.11-1.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.11-1.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.11-1.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.11-1.4mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.4mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.4mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.4mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.4mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.4mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.4mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:52", "description": "Multiple vulnerabilities has been found and corrected in freetype2 :\n\nThe FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2805).\n\nArray index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow (CVE-2010-2806).\n\nFreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2807).\n\nBuffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font (CVE-2010-2808).\n\nbdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string (CVE-2010-3053).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:157)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2805", 
"CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:libfreetype6", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-157.NASL", "href": "https://www.tenable.com/plugins/nessus/48403", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:157. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48403);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2010-2805\",\n \"CVE-2010-2806\",\n \"CVE-2010-2807\",\n \"CVE-2010-3053\"\n );\n script_bugtraq_id(42285);\n script_xref(name:\"MDVSA\", value:\"2010:157\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:157)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in freetype2 :\n\nThe FT_Stream_EnterFrame function in base/ftstream.c in FreeType\nbefore 2.4.2 does not properly validate certain position values, which\nallows remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted font file\n(CVE-2010-2805).\n\nArray index error in the 
t42_parse_sfnts function in type42/t42parse.c\nin FreeType before 2.4.2 allows remote attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via\nnegative size values for certain strings in FontType42 font files,\nleading to a heap-based buffer overflow (CVE-2010-2806).\n\nFreeType before 2.4.2 uses incorrect integer data types during bounds\nchecking, which allows remote attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a crafted\nfont file (CVE-2010-2807).\n\nBuffer overflow in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.4.2 allows remote attackers to\ncause a denial of service (memory corruption and application crash) or\npossibly execute arbitrary code via a crafted Adobe Type 1 Mac Font\nFile (aka LWFN) font (CVE-2010-2808).\n\nbdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause\na denial of service (application crash) via a crafted BDF font file,\nrelated to an attempted modification of a value in a static string\n(CVE-2010-3053).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.11-1.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.11-1.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.11-1.3mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.11-1.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.11-1.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.11-1.3mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.3mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.3mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.3mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.3mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.3mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.3mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:02:39", "description": "Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.\n(CVE-2010-3311)\n\nChris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. 
If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3814)\n\nIt was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2010-3855).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-05T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : freetype vulnerabilities (USN-1013-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3311", "CVE-2010-3814", "CVE-2010-3855"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:freetype2-demos", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1013-1.NASL", "href": "https://www.tenable.com/plugins/nessus/50491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1013-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50491);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-3311\", \"CVE-2010-3814\", \"CVE-2010-3855\");\n script_bugtraq_id(43700, 44214);\n script_xref(name:\"USN\", value:\"1013-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : freetype vulnerabilities (USN-1013-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marc Schoenefeld discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges. This\nissue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.\n(CVE-2010-3311)\n\nChris Evans discovered that FreeType did not correctly handle certain\nmalformed TrueType font files. If a user were tricked into using a\nspecially crafted TrueType file, a remote attacker could cause\nFreeType to crash or possibly execute arbitrary code with user\nprivileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS\nand 10.10. (CVE-2010-3814)\n\nIt was discovered that FreeType did not correctly handle certain\nmalformed TrueType font files. If a user were tricked into using a\nspecially crafted TrueType file, a remote attacker could cause\nFreeType to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2010-3855).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1013-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype2-demos, libfreetype6 and / or\nlibfreetype6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. 
/ NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"freetype2-demos\", pkgver:\"2.1.10-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6\", pkgver:\"2.1.10-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6-dev\", pkgver:\"2.1.10-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.5-1ubuntu4.8.04.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.5-1ubuntu4.8.04.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-5ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-5ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6-dev\", 
pkgver:\"2.3.9-5ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.11-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.11-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"freetype2-demos\", pkgver:\"2.4.2-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.2-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libfreetype6-dev\", pkgver:\"2.4.2-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-demos / libfreetype6 / libfreetype6-dev\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:36:48", "description": "Updated freetype packages that fix three security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. 
If a user loaded a specially crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-06T00:00:00", "type": "nessus", "title": "CentOS 3 : freetype (CESA-2010:0736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-3054", "CVE-2010-3311"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2010-0736.NASL", "href": "https://www.tenable.com/plugins/nessus/49715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0736 and \n# CentOS Errata and Security Advisory 2010:0736 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49715);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0736\");\n\n script_name(english:\"CentOS 3 : freetype (CESA-2010:0736)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017037.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1aeb6a9c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017038.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?156942a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-demos-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-utils-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.4-18.el3\")) flag++;\n\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-22T15:36:14", "description": "From Red Hat Security Advisory 2010:0736 :\n\nUpdated freetype packages that fix three security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. 
If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : freetype (ELSA-2010-0736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-3054", "CVE-2010-3311"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-devel", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2010-0736.NASL", "href": "https://www.tenable.com/plugins/nessus/68107", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0736 and \n# Oracle Linux Security Advisory ELSA-2010-0736 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68107);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0736\");\n\n 
script_name(english:\"Oracle Linux 3 : freetype (ELSA-2010-0736)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0736 :\n\nUpdated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001667.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:37:25", "description": "Updated freetype packages that fix three security issues are now available for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. 
If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-06T00:00:00", "type": "nessus", "title": "RHEL 3 : freetype (RHSA-2010:0736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-3054", "CVE-2010-3311"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2010-0736.NASL", "href": "https://www.tenable.com/plugins/nessus/49748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0736. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49748);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0736\");\n\n script_name(english:\"RHEL 3 : freetype (RHSA-2010:0736)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. 
(CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0736\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-2.1.4-18.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:34", "description": "Multiple vulnerabilities has been found and corrected in freetype2 :\n\nThe FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2805).\n\nArray index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to 
cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow (CVE-2010-2806).\n\nFreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2807).\n\nBuffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font (CVE-2010-2808).\n\nbdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string (CVE-2010-3053).\n\nUnspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c (CVE-2010-3054).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:156)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053", "CVE-2010-3054"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:libfreetype6", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2010-156.NASL", "href": "https://www.tenable.com/plugins/nessus/48402", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:156. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48402);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2010-2805\",\n \"CVE-2010-2806\",\n \"CVE-2010-2807\",\n \"CVE-2010-3053\",\n \"CVE-2010-3054\"\n );\n script_bugtraq_id(42285);\n script_xref(name:\"MDVSA\", value:\"2010:156\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:156)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in freetype2 :\n\nThe FT_Stream_EnterFrame function in base/ftstream.c in FreeType\nbefore 2.4.2 does not properly validate certain position values, which\nallows remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted font file\n(CVE-2010-2805).\n\nArray index error in the t42_parse_sfnts function in type42/t42parse.c\nin FreeType before 2.4.2 allows remote attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via\nnegative size values for certain strings in FontType42 font files,\nleading to a heap-based buffer overflow (CVE-2010-2806).\n\nFreeType before 2.4.2 uses incorrect integer data types during bounds\nchecking, which allows remote attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a crafted\nfont file (CVE-2010-2807).\n\nBuffer overflow in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.4.2 allows remote attackers to\ncause a denial of service (memory corruption and application crash) 
or\npossibly execute arbitrary code via a crafted Adobe Type 1 Mac Font\nFile (aka LWFN) font (CVE-2010-2808).\n\nbdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause\na denial of service (application crash) via a crafted BDF font file,\nrelated to an attempted modification of a value in a static string\n(CVE-2010-3053).\n\nUnspecified vulnerability in FreeType 2.3.9, and other versions before\n2.4.2, allows remote attackers to cause a denial of service via\nvectors involving nested Standard Encoding Accented Character (aka\nseac) calls, related to psaux.h, cffgload.c, cffgload.h, and\nt1decode.c (CVE-2010-3054).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.5-2.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.5-2.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.5-2.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.5-2.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", 
reference:\"libfreetype6-devel-2.3.5-2.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.5-2.5mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.7-1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.7-1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.7-1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.7-1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.7-1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.7-1.4mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.9-1.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.9-1.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.9-1.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.9-1.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.9-1.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.9-1.5mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:11:44", "description": "Updated rhev-hypervisor packages that fix multiple security issues and two bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. 
A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise Virtualization Hypervisor was run on a system that has a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker could trigger this flaw by creating a crafted SSL connection to VDSM, preventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for security issues; however, these issues have no security impact for Red Hat Enterprise Virtualization Hypervisor. 
These fixes are for avahi issues CVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527, and CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and CVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs.\nDocumentation for these bug fixes will be available shortly from http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug fixes from the KVM update RHSA-2010:0627 have been included in this update. Also included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html VDSM:\nhttps://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to these updated rhev-hypervisor packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "RHEL 5 : rhev-hypervisor (RHSA-2010:0622)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0758", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0428", "CVE-2010-0429", "CVE-2010-0431", "CVE-2010-0435", "CVE-2010-1084", "CVE-2010-1797", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2244", "CVE-2010-2248", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2784", "CVE-2010-2811"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor-pxe", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0622.NASL", "href": "https://www.tenable.com/plugins/nessus/79276", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0622. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79276);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0428\", \"CVE-2010-0429\", \"CVE-2010-0431\", \"CVE-2010-0435\", \"CVE-2010-2784\", \"CVE-2010-2811\");\n script_bugtraq_id(42580);\n script_xref(name:\"RHSA\", value:\"2010:0622\");\n\n script_name(english:\"RHEL 5 : rhev-hypervisor (RHSA-2010:0622)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rhev-hypervisor packages that fix multiple security issues and\ntwo bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. 
It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did\nnot validate all pointers provided from a guest system's QXL graphics\ncard driver. A privileged guest user could use this flaw to cause the\nhost to dereference an invalid pointer, causing the guest to crash\n(denial of service) or, possibly, resulting in the privileged guest\nuser escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could\nbe forced to perform certain memory management operations on memory\naddresses controlled by a guest. A privileged guest user could use\nthis flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged\nguest user could use this flaw to cause the host to dereference an\ninvalid pointer, causing the guest to crash (denial of service) or,\npossibly, resulting in the privileged guest user escalating their\nprivileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges\non the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor\nwith the Intel VT-x extension enabled. 
A privileged guest user could\nuse this flaw to trick the host into emulating a certain instruction,\nwhich could crash the host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes\nfor security issues; however, these issues have no security impact for\nRed Hat Enterprise Virtualization Hypervisor. These fixes are for\navahi issues CVE-2009-0758 and CVE-2010-2244; freetype issues\nCVE-2010-1797, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,\nCVE-2010-2519, CVE-2010-2527, and CVE-2010-2541; kernel issues\nCVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226,\nCVE-2010-2248, CVE-2010-2521, and CVE-2010-2524; and openldap issues\nCVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs.\nDocumentation for these bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_fo\nr_Servers /2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the\nbug fixes from the KVM update RHSA-2010:0627 have been included in\nthis update. 
Also included are the bug fixes from the VDSM update\nRHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html VDSM:\nhttps://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2811\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb2e5a4a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0622\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor and / or rhev-hypervisor-pxe\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor-pxe\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0622\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor / rhev-hypervisor-pxe\");\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:02:59", "description": "Marc Schoenefeld has found an input stream position error in the way the FreeType font rendering engine processed input file streams. 
If a user loaded a specially crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-06T00:00:00", "type": "nessus", "title": "Debian DSA-2116-1 : freetype - integer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3311"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2116.NASL", "href": "https://www.tenable.com/plugins/nessus/49766", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2116. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49766);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3311\");\n script_bugtraq_id(43700, 43841, 43845);\n script_xref(name:\"DSA\", value:\"2116\");\n\n script_name(english:\"Debian DSA-2116-1 : freetype - integer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marc Schoenefeld has found an input stream position error in the way\nthe FreeType font rendering engine processed input file streams. 
If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType and relevant font glyphs were subsequently rendered\nwith the X FreeType library (libXft), it could cause the application\nto crash or, possibly execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2116\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the freetype packages.\n\nAfter the upgrade, all running applications and services that use\nlibfreetype6 should be restarted. In most cases, logging out and in\nagain should be enough. The script checkrestart from the\ndebian-goodies package or lsof may help to find out which processes\nare still using the old version of libfreetype6.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"freetype2-demos\", reference:\"2.3.7-2+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6\", reference:\"2.3.7-2+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libfreetype6-dev\", reference:\"2.3.7-2+lenny4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:02:33", "description": "- Bug #623625 - CVE-2010-3311 freetype: Input stream position error by processing Compact Font Format (CFF) font files\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-14T00:00:00", "type": "nessus", "title": "Fedora 14 : freetype-2.4.2-3.fc14 (2010-15878)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3311"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-15878.NASL", "href": "https://www.tenable.com/plugins/nessus/49969", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15878.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49969);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3311\");\n script_bugtraq_id(43700);\n script_xref(name:\"FEDORA\", value:\"2010-15878\");\n\n script_name(english:\"Fedora 14 : freetype-2.4.2-3.fc14 (2010-15878)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Bug #623625 - CVE-2010-3311 freetype: Input stream\n position error by processing Compact Font Format (CFF)\n font files\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623625\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049226.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?496b68aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"freetype-2.4.2-3.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:02:16", "description": "- Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.4.2-4\n\n - Add freetype-2.4.2-CVE-2010-3855.patch (Protect against invalid `runcnt' values.)\n\n - Resolves: #651764\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-17T00:00:00", "type": "nessus", "title": "Fedora 14 : freetype-2.4.2-4.fc14 (2010-17742)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3855"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-17742.NASL", "href": "https://www.tenable.com/plugins/nessus/50619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-17742.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50619);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"FEDORA\", value:\"2010-17742\");\n\n script_name(english:\"Fedora 14 : freetype-2.4.2-4.fc14 (2010-17742)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com>\n 2.4.2-4\n\n - Add freetype-2.4.2-CVE-2010-3855.patch (Protect\n against invalid `runcnt' values.)\n\n - Resolves: #651764\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=645275\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6f23e7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"freetype-2.4.2-4.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:02:24", "description": "Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.\n\nA heap-based buffer overflow flaw was found in the way the FreeType font rendering engine processed certain TrueType GX fonts. 
If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-17T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : freetype (RHSA-2010:0889)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3855"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-debuginfo", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "p-cpe:/a:redhat:enterprise_linux:freetype-utils", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0889.NASL", "href": "https://www.tenable.com/plugins/nessus/50620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0889. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50620);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"RHSA\", value:\"2010:0889\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : freetype (RHSA-2010:0889)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 and 6 provide only\nthe FreeType 2 font engine.\n\nA heap-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed certain TrueType GX fonts. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct this issue. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0889\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0889\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-17.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-17.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-17.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-17.el4_8.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-2.2.1-28.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freetype-demos-2.2.1-28.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freetype-demos-2.2.1-28.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freetype-demos-2.2.1-28.el5_5.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-devel-2.2.1-28.el5_5.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"freetype-2.3.11-6.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"freetype-debuginfo-2.3.11-6.el6_0.2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"freetype-demos-2.3.11-6.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"freetype-demos-2.3.11-6.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"freetype-demos-2.3.11-6.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"freetype-devel-2.3.11-6.el6_0.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / freetype-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:36", "description": "From Red Hat Security Advisory 2010:0889 :\n\nUpdated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.\n\nA heap-based buffer overflow flaw was found in the way the FreeType font rendering engine processed certain TrueType GX fonts. 
If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 / 6 : freetype (ELSA-2010-0889)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3855"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel", "p-cpe:/a:oracle:linux:freetype-utils", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2010-0889.NASL", "href": "https://www.tenable.com/plugins/nessus/68142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0889 and \n# Oracle Linux Security Advisory ELSA-2010-0889 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68142);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"RHSA\", value:\"2010:0889\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : freetype (ELSA-2010-0889)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0889 :\n\nUpdated freetype packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 and 6 provide only\nthe FreeType 2 font engine.\n\nA heap-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed certain TrueType GX fonts. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct this issue. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001740.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-November/001741.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001828.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-17.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-28.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-28.el5_5.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-28.el5_5.1\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"freetype-2.3.11-6.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"freetype-demos-2.3.11-6.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"freetype-devel-2.3.11-6.el6_0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:02:18", "description": "Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.\n\nA heap-based buffer overflow flaw was found in the way the FreeType font rendering engine processed certain TrueType GX fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-11-24T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : freetype (CESA-2010:0889)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3855"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0889.NASL", "href": "https://www.tenable.com/plugins/nessus/50808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0889 and \n# CentOS Errata and Security Advisory 2010:0889 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50808);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3855\");\n script_bugtraq_id(44214);\n script_xref(name:\"RHSA\", value:\"2010:0889\");\n\n script_name(english:\"CentOS 4 / 5 : freetype (CESA-2010:0889)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 and 6 provide only\nthe FreeType 2 font engine.\n\nA heap-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed certain TrueType GX fonts. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct this issue. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017177.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98443248\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017178.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1adb9463\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017183.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6dc5c4f7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-November/017184.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?328d7d08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-demos-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-devel-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-utils-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.9-17.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-28.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-28.el5_5.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-28.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:39", 
"description": "A heap-based buffer overflow flaw was found in the way the FreeType font rendering engine processed certain TrueType GX fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nThe X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3855"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101116_FREETYPE_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60898);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3855\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed certain TrueType GX fonts. 
If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-3855)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1011&L=scientific-linux-errata&T=0&P=981\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed920bbb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-17.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-17.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-28.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-28.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-28.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:12:45", "description": "From Red Hat Security Advisory 2010:0607 :\n\nUpdated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red 
Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nTwo stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797)\n\nRed Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues.\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : freetype (ELSA-2010-0607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel", "p-cpe:/a:oracle:linux:freetype-utils", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0607.NASL", "href": "https://www.tenable.com/plugins/nessus/68080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0607 and \n# Oracle Linux Security Advisory ELSA-2010-0607 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68080);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\");\n script_xref(name:\"RHSA\", value:\"2010:0607\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : freetype (ELSA-2010-0607)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0607 :\n\nUpdated freetype packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nTwo stack overflow flaws were found in the way the FreeType font\nengine processed certain Compact Font Format (CFF) character strings\n(opcodes). If a user loaded a specially crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-1797)\n\nRed Hat would like to thank Braden Thomas of the Apple Product\nSecurity team for reporting these issues.\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001583.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001584.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001585.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-16.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-15.el4.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-26.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-26.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-26.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:34:59", "description": "Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe 
Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nTwo stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797)\n\nRed Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues.\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-09T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 / 5 : freetype (CESA-2010:0607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "p-cpe:/a:centos:centos:freetype-utils", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0607.NASL", "href": "https://www.tenable.com/plugins/nessus/48269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0607 and \n# CentOS Errata and Security Advisory 2010:0607 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48269);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1797\");\n script_xref(name:\"RHSA\", value:\"2010:0607\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : freetype (CESA-2010:0607)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nTwo stack overflow flaws were found in the way the FreeType font\nengine processed certain Compact Font Format (CFF) character strings\n(opcodes). If a user loaded a specially crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-1797)\n\nRed Hat would like to thank Braden Thomas of the Apple Product\nSecurity team for reporting these issues.\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016872.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3cae0a7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016873.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0166864d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016888.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?525a1a23\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016889.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1ae3628\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016922.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4dee148\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016923.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9032f78e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-demos-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-utils-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.4-16.el3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-demos-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-devel-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-utils-2.1.9-15.el4.8\")) flag++;\nif 
(rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.9-15.el4.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-26.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-26.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-26.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:34:10", "description": "A vulnerability has been discovered and corrected in freetype2 :\n\nMultiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially crafted font file that, when opened, would cause an application linked against libfreetype to crash, or, possibly execute arbitrary code (CVE-2010-1797).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:libfreetype6", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-149.NASL", "href": "https://www.tenable.com/plugins/nessus/48319", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:149. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48319);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1797\");\n script_bugtraq_id(42241);\n script_xref(name:\"MDVSA\", value:\"2010:149\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:149)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in freetype2 :\n\nMultiple stack overflow flaws have been reported in the way FreeType\nfont rendering engine processed certain CFF opcodes. An attacker could\nuse these flaws to create a specially crafted font file that, when\nopened, would cause an application linked against libfreetype to\ncrash, or, possibly execute arbitrary code (CVE-2010-1797).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621144\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.5-2.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.5-2.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.5-2.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.5-2.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.5-2.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", 
reference:\"libfreetype6-static-devel-2.3.5-2.4mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.9-1.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.9-1.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.9-1.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.9-1.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.9-1.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.9-1.4mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.11-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.11-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", 
reference:\"lib64freetype6-static-devel-2.3.11-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-2.3.11-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.11-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.11-1.2mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.2mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:35", "description": "The version of Foxit Reader installed on the remote Windows host is prior to 4.1.1.0805. It is, therefore, affected by a remote code execution vulnerability in the FreeType engine due to multiple stack-based buffer overflow conditions in the CFF Type2 CharStrings interpreter, specifically within the function cff_decoder_parse_charstrings(). 
An attacker can exploit this, via crafted CFF opcodes in embedded fonts in a PDF document, to cause a denial of service or to execute arbitrary code with the user's privileges.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-09T00:00:00", "type": "nessus", "title": "Foxit Reader < 4.1.1.0805 FreeType CFF Opcodes RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:foxitsoftware:foxit_reader"], "id": "FOXIT_READER_4_1_1_0805.NASL", "href": "https://www.tenable.com/plugins/nessus/48276", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48276);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\"CVE-2010-1797\");\n script_bugtraq_id(42241);\n script_xref(name:\"CERT\", value:\"275247\");\n script_xref(name:\"EDB-ID\", value:\"14538\");\n script_xref(name:\"Secunia\", value:\"40903\");\n\n script_name(english:\"Foxit Reader < 4.1.1.0805 FreeType CFF Opcodes RCE\");\n script_summary(english:\"Checks the version of Foxit Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PDF viewer installed on the remote host is affected by a remote code\nexecution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Foxit Reader installed on the remote Windows host is\nprior to 4.1.1.0805. It is, therefore, affected by a remote code\nexecution vulnerability in the FreeType engine due to multiple\nstack-based buffer overflow conditions in the CFF Type2 CharStrings\ninterpreter, specifically within the function\ncff_decoder_parse_charstrings(). 
An attacker can exploit this, via\ncrafted CFF opcodes in embedded fonts in a PDF document, to cause a\ndenial of service or to execute arbitrary code with the user's\nprivileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.f-secure.com/weblog/archives/00002002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.foxitsoftware.com/company/press.php?id=194\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Foxit Reader version 4.1.1.0805 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2010/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:foxitsoftware:foxit_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"foxit_reader_installed.nasl\");\n script_require_keys(\"installed_sw/Foxit Reader\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Foxit Reader\";\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\nversion = install[\"version\"];\npath = install[\"path\"];\n\nreport = NULL;\n\nfixed_version = \"4.1.1.0805\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port)\n port = 445;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:08:38", "description": "Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. 
(CVE-2010-1797)\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nThe X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100805_FREETYPE_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60830);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two stack overflow flaws were found in the way the FreeType font\nengine processed certain Compact Font Format (CFF) character strings\n(opcodes). If a user loaded a specially crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. 
(CVE-2010-1797)\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=656\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?564229ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"freetype-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-demos-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-devel-2.1.4-16.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-utils-2.1.4-16.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-15.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-15.el4.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-26.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-26.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-26.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:33:35", "description": "Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nTwo stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797)\n\nRed Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues.\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. 
The X server must be restarted (log out, then log back in) for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-06T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 / 5 : freetype (RHSA-2010:0607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1797"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel", "p-cpe:/a:redhat:enterprise_linux:freetype-utils", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0607.NASL", "href": "https://www.tenable.com/plugins/nessus/48258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0607. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48258);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1797\");\n script_xref(name:\"RHSA\", value:\"2010:0607\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : freetype (RHSA-2010:0607)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nTwo stack overflow flaws were found in the way the FreeType font\nengine processed certain Compact Font Format (CFF) character strings\n(opcodes). If a user loaded a specially crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-1797)\n\nRed Hat would like to thank Braden Thomas of the Apple Product\nSecurity team for reporting these issues.\n\nNote: CVE-2010-1797 only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0607\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0607\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-2.1.4-16.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-devel-2.1.4-16.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-15.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-15.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-15.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-15.el4.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-2.2.1-26.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freetype-demos-2.2.1-26.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freetype-demos-2.2.1-26.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freetype-demos-2.2.1-26.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-devel-2.2.1-26.el5_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity 
: SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-02T10:54:42", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-17728", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:1361412562310862560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862560", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-17728\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 13\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862560\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17728\");\n script_cve_id(\"CVE-2010-3855\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for freetype FEDORA-2010-17728\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks 
GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~7.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:53", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-17728", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:862560", "href": "http://plugins.openvas.org/nasl.php?oid=862560", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-17728\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 13\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. 
FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html\");\n script_id(862560);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17728\");\n script_cve_id(\"CVE-2010-3855\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for freetype FEDORA-2010-17728\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~7.fc13\", rls:\"FC13\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:55:11", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-17755", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310862563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862563", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-17755\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 12\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862563\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17755\");\n script_cve_id(\"CVE-2010-3855\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for freetype FEDORA-2010-17755\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks 
GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~7.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:30", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-17755", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:862563", "href": "http://plugins.openvas.org/nasl.php?oid=862563", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-17755\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 12\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. 
FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html\");\n script_id(862563);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17755\");\n script_cve_id(\"CVE-2010-3855\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for freetype FEDORA-2010-17755\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~7.fc12\", rls:\"FC12\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:39", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-15785", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:1361412562310862528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862528", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-15785\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 12\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050203.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862528\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15785\");\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for freetype FEDORA-2010-15785\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~6.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:10:52", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-15785", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-11T00:00:00", "id": "OPENVAS:862528", "href": "http://plugins.openvas.org/nasl.php?oid=862528", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-15785\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 12\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050203.html\");\n script_id(862528);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15785\");\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for 
freetype FEDORA-2010-15785\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~6.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:55", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-22T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-15705", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310862471", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-15705\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 13\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. 
FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862471\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15705\");\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for freetype FEDORA-2010-15705\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~6.fc13\", rls:\"FC13\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:32", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-22T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2010-15705", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:862471", "href": "http://plugins.openvas.org/nasl.php?oid=862471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2010-15705\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 13\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html\");\n script_id(862471);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15705\");\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"Fedora Update for freetype FEDORA-2010-15705\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~6.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:17", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-963-1", "cvss3": {}, "published": "2010-07-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-963-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:1361412562310840461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_963_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n#\n# Ubuntu Update for freetype vulnerabilities USN-963-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Święcki discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could execute arbitrary code with user\n privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-963-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-963-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840461\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"963-1\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-963-1\");\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:39", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-963-1", "cvss3": {}, "published": "2010-07-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-963-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840461", "href": "http://plugins.openvas.org/nasl.php?oid=840461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_963_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for freetype vulnerabilities USN-963-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Święcki discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could execute arbitrary code with user\n privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-963-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-963-1/\");\n script_id(840461);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"963-1\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-963-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : 
tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:53", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880576", "href": "http://plugins.openvas.org/nasl.php?oid=880576", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. 
(CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_id(880576);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:32", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0578-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:870300", "href": "http://plugins.openvas.org/nasl.php?oid=870300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. 
(CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_id(870300);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2019-03-15T00:00:00", "id": 
"OPENVAS:1361412562310880576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880576", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880576\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"freetype on CentOS 5\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n\n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. 
(CVE-2010-2499, CVE-2010-2519)\n\n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n\n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n\n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:54", "description": "Oracle Linux Local Security Checks ELSA-2010-0578", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", 
"title": "Oracle Linux Local Check: ELSA-2010-0578", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122337", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0578.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122337\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:02 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0578\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0578\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0578.html\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-22T13:05:55", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0578-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310870300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. 
(CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870300\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:01", "description": "This host is installed with FreeType and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2010-09-01T00:00:00", "type": "openvas", "title": "FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:901143", "href": "http://plugins.openvas.org/nasl.php?oid=901143", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_freetype_mem_corruption_n_bof_vuln_win.nasl 5394 2017-02-22 09:22:42Z teissa $\n#\n# FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may allow attackers to execute arbitrary code in the\n context of an application that uses the affected library. Failed exploitation\n attempts will likely result in denial-of-service conditions.\n Impact Level: Application\";\ntag_affected = \"FreeType versions prior to 2.4.0\";\ntag_insight = \"Multiple flaws are due to,\n - An error in the 'demo' programs.\n - A heap-based buffer overflow in the 'Ins_IUP function()' in \n 'truetype/ttinterp.c' and 'Mac_Read_POST_Resource()' function in\n ' base/ftobjs.c'.\n - An integer overflow in the 'gray_render_span()' function in 'smooth/ftgrays.c'\n and integer underflow in 'glyph' handling.\n - A Buffer overflow in the 'Mac_Read_POST_Resource()' function in\n 'base/ftobjs.c'.\n - An error in the 'psh_glyph_find_strong_pointr()' function in \n 'pshinter/pshalgo.c'.\n when processing malformed font files,\";\ntag_solution = \"Upgrade to FreeType version 2.4.2 or later,\n For updates refer to http://www.freetype.org/\";\ntag_summary = \"This host is installed with FreeType and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(901143);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-01 09:34:36 +0200 (Wed, 01 Sep 2010)\");\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\",\n \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\",\n \"CVE-2010-2527\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1811\");\n script_xref(name : \"URL\" , value : \"http://sourceforge.net/projects/freetype/files/freetype2/2.4.0/NEWS/view\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_freetype_detect_win.nasl\");\n script_require_keys(\"FreeType/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get FreeType Version From KB\nftVer = get_kb_item(\"FreeType/Win/Ver\");\nif(! 
ftVer) {\n exit(0);\n}\n\nif(ftVer != NULL)\n{\n ## Check for FreeType version prior to 2.4.0\n if(version_is_less(version: ftVer, test_version: \"2.4.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-27T19:23:02", "description": "This host is installed with FreeType and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2010-09-01T00:00:00", "type": "openvas", "title": "FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310901143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310901143", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.901143\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-09-01 09:34:36 +0200 (Wed, 01 Sep 2010)\");\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\",\n \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\",\n \"CVE-2010-2527\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1811\");\n script_xref(name:\"URL\", value:\"http://sourceforge.net/projects/freetype/files/freetype2/2.4.0/NEWS/view\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_freetype_detect_win.nasl\");\n script_mandatory_keys(\"FreeType/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation may allow attackers to execute arbitrary code in the\n context of an application that uses the affected library. 
Failed exploitation\n attempts will likely result in denial-of-service conditions.\");\n script_tag(name:\"affected\", value:\"FreeType versions prior to 2.4.0\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in the 'demo' programs.\n\n - A heap-based buffer overflow in the 'Ins_IUP function()' in\n 'truetype/ttinterp.c' and 'Mac_Read_POST_Resource()' function in\n ' base/ftobjs.c'.\n\n - An integer overflow in the 'gray_render_span()' function in 'smooth/ftgrays.c'\n and integer underflow in 'glyph' handling.\n\n - A Buffer overflow in the 'Mac_Read_POST_Resource()' function in\n 'base/ftobjs.c'.\n\n - An error in the 'psh_glyph_find_strong_pointr()' function in\n 'pshinter/pshalgo.c'.\n when processing malformed font files.\");\n script_tag(name:\"solution\", value:\"Upgrade to FreeType version 2.4.2 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with FreeType and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.freetype.org/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nftVer = get_kb_item(\"FreeType/Win/Ver\");\nif(! 
ftVer) {\n exit(0);\n}\n\nif(ftVer != NULL)\n{\n if(version_is_less(version: ftVer, test_version: \"2.4.0\")){\n report = report_fixed_ver(installed_version:ftVer, fixed_version:\"2.4.0\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:49:25", "description": "The remote host is missing an update to freetype\nannounced via advisory DSA 2070-1.", "cvss3": {}, "published": "2010-07-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2070-1 (freetype)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67706", "href": "http://plugins.openvas.org/nasl.php?oid=67706", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2070_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2070-1 (freetype)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Swiecki discovered several vulnerabilities in the FreeType font\nlibrary, which could lead to the execution of arbitrary code if a\nmalformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo programs.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.0-1.\n\nWe recommend that you upgrade your freetype packages.\";\ntag_summary = \"The remote host is missing an update to freetype\nannounced via advisory DSA 2070-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202070-1\";\n\n\nif(description)\n{\n script_id(67706);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 2010)\");\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2070-1 (freetype)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.7-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.7-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.7-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:54:26", "description": "The remote host is missing an update to freetype\nannounced via advisory DSA 2070-1.", "cvss3": {}, "published": "2010-07-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2070-1 (freetype)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:136141256231067706", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067706", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2070_1.nasl 8296 2018-01-05 07:28:01Z teissa $\n# Description: Auto-generated from advisory DSA 2070-1 (freetype)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Swiecki discovered several vulnerabilities in the FreeType font\nlibrary, which could lead to the execution of arbitrary code if a\nmalformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo programs.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.0-1.\n\nWe recommend that you upgrade your freetype packages.\";\ntag_summary = \"The remote host is missing an update to freetype\nannounced via advisory DSA 2070-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202070-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67706\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-22 17:43:43 +0200 (Thu, 22 Jul 
2010)\");\n script_cve_id(\"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2070-1 (freetype)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.7-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.7-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.7-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:59", "description": "Oracle Linux Local Security Checks ELSA-2010-0889", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0889", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", 
"CVE-2010-3855"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122297", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0889.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122297\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:13 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0889\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0889 - freetype security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0889\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0889.html\");\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\", \"CVE-2010-3855\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~6.el6_0.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.3.11~6.el6_0.2\", rls:\"OracleLinux6\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~6.el6_0.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-09.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-09 (FreeType)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2011-3256", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054", "CVE-2010-2519", "CVE-2011-0226", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2497", "CVE-2010-2541", "CVE-2010-3814", "CVE-2011-3439"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231070810", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070810", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201201_09.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70810\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\", \"CVE-2010-3814\", \"CVE-2010-3855\", \"CVE-2011-0226\", \"CVE-2011-3256\", \"CVE-2011-3439\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:42 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201201-09 (FreeType)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause a Denial\nof\n Service.\");\n script_tag(name:\"solution\", value:\"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.8'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-09\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=332701\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=342121\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=345843\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=377143\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=387535\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=390623\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201201-09.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.8\"), vulnerable: make_list(\"lt 2.4.8\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:27", "description": "The remote host is missing updates announced in\nadvisory GLSA 
201201-09.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-09 (FreeType)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2011-3256", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054", "CVE-2010-2519", "CVE-2011-0226", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2497", "CVE-2010-2541", "CVE-2010-3814", "CVE-2011-3439"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70810", "href": "http://plugins.openvas.org/nasl.php?oid=70810", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause a Denial\nof\n Service.\";\ntag_solution = \"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.8'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=332701\nhttp://bugs.gentoo.org/show_bug.cgi?id=342121\nhttp://bugs.gentoo.org/show_bug.cgi?id=345843\nhttp://bugs.gentoo.org/show_bug.cgi?id=377143\nhttp://bugs.gentoo.org/show_bug.cgi?id=387535\nhttp://bugs.gentoo.org/show_bug.cgi?id=390623\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201201-09.\";\n\n \n \nif(description)\n{\n script_id(70810);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\", \"CVE-2010-3814\", \"CVE-2010-3855\", \"CVE-2011-0226\", \"CVE-2011-3256\", \"CVE-2011-3439\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:42 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201201-09 
(FreeType)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.8\"), vulnerable: make_list(\"lt 2.4.8\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:55:08", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-972-1", "cvss3": {}, "published": "2010-08-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-972-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-1797", "CVE-2010-2541"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310840480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840480", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_972_1.nasl 8510 2018-01-24 07:57:42Z teissa $\n#\n# Ubuntu Update for freetype vulnerabilities USN-972-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FreeType did not correctly handle certain malformed\n font files. If a user were tricked into using a specially crafted font\n file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-972-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-972-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840480\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"972-1\");\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2541\", 
\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-972-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", 
ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:57", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-972-1", "cvss3": {}, "published": "2010-08-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-972-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-1797", "CVE-2010-2541"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840480", "href": "http://plugins.openvas.org/nasl.php?oid=840480", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_972_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for freetype vulnerabilities USN-972-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FreeType did not correctly handle certain malformed\n font files. If a user were tricked into using a specially crafted font\n file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-972-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-972-1/\");\n script_id(840480);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"972-1\");\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-972-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-4ubuntu0.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:12", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-20T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0577 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:880403", "href": "http://plugins.openvas.org/nasl.php?oid=880403", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0577 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\");\n script_id(880403);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0577\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0577 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~15.el3\", 
rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:54:53", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-20T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0577 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:1361412562310880403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880403", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0577 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880403\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0577\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0577 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", 
rpm:\"freetype-devel~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:26", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0577-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:870301", "href": "http://plugins.openvas.org/nasl.php?oid=870301", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0577-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00025.html\");\n script_id(870301);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0577-01\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0577-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:04:33", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0577-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2018-01-19T00:00:00", "id": "OPENVAS:1361412562310870301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870301", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0577-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00025.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870301\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0577-01\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0577-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-27T19:23:07", "description": "This host is installed with FreeType and is prone to multiple Denial\n of Service vulnerabilities.", "cvss3": {}, "published": "2010-09-01T00:00:00", "type": "openvas", "title": "FreeType Multiple denial of service vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2541"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310901142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310901142", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# FreeType Multiple Denial of Service Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.901142\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-09-01 09:34:36 +0200 (Wed, 01 Sep 2010)\");\n script_bugtraq_id(42285);\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-2808\", \"CVE-2010-2807\",\n \"CVE-2010-2806\", \"CVE-2010-2805\", \"CVE-2010-2541\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeType Multiple denial of service vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40816\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/2018\");\n script_xref(name:\"URL\", value:\"http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_freetype_detect_win.nasl\");\n script_mandatory_keys(\"FreeType/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation may allow attackers to execute arbitrary code in the\n context of an application that uses the affected library. 
Failed exploitation\n attempts will likely result in denial-of-service conditions.\");\n script_tag(name:\"affected\", value:\"FreeType version 2.4.1 and prior.\");\n script_tag(name:\"insight\", value:\"- Buffer overflow error in the 'Mac_Read_POST_Resource()' [src/base/ftobjs.c]\n function when processing Adobe Type 1 Mac Font File (LWFN) fonts.\n\n - Errors related to the bdf/bdflib.c, t42_parse_sfnts function in\n type42/t42parse.c, FT_Stream_EnterFrame function in base/ftstream.c,\n ftmulti.c in the ftmulti demo program and to the 'BOUNDS' macro when\n processing fonts.\");\n script_tag(name:\"solution\", value:\"Upgrade to FreeType version 2.4.2 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with FreeType and is prone to multiple Denial\n of Service vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.freetype.org/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nftVer = get_kb_item(\"FreeType/Win/Ver\");\nif(! 
ftVer) {\n exit(0);\n}\n\nif(ftVer != NULL)\n{\n if(version_is_less(version: ftVer, test_version: \"2.4.2\")){\n report = report_fixed_ver(installed_version:ftVer, fixed_version:\"2.4.2\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:01", "description": "This host is installed with FreeType and is prone to multiple Denial\n of Service vulnerabilities.", "cvss3": {}, "published": "2010-09-01T00:00:00", "type": "openvas", "title": "FreeType Multiple denial of service vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2541"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:901142", "href": "http://plugins.openvas.org/nasl.php?oid=901142", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_freetype_mult_dos_vuln_win.nasl 5394 2017-02-22 09:22:42Z teissa $\n#\n# FreeType Multiple Denial of Service Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may allow attackers to execute arbitrary code in the\n context of an application that uses the affected library. Failed exploitation\n attempts will likely result in denial-of-service conditions.\n Impact Level: Application\";\ntag_affected = \"FreeType version 2.4.1 and prior.\";\ntag_insight = \"- Buffer overflow error in the 'Mac_Read_POST_Resource()' [src/base/ftobjs.c]\n function when processing Adobe Type 1 Mac Font File (LWFN) fonts.\n - Errors related to the bdf/bdflib.c, t42_parse_sfnts function in\n type42/t42parse.c, FT_Stream_EnterFrame function in base/ftstream.c,\n ftmulti.c in the ftmulti demo program and to the 'BOUNDS' macro when\n processing fonts.\";\ntag_solution = \"Upgrade to FreeType version 2.4.2 or later,\n For updates refer to http://www.freetype.org/\";\ntag_summary = \"This host is installed with FreeType and is prone to multiple Denial\n of Service vulnerabilities.\";\n\nif(description)\n{\n script_id(901142);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-01 09:34:36 +0200 (Wed, 01 Sep 2010)\");\n script_bugtraq_id(42285);\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-2808\", \"CVE-2010-2807\",\n \"CVE-2010-2806\", \"CVE-2010-2805\", \"CVE-2010-2541\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeType Multiple denial of service vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : 
\"http://secunia.com/advisories/40816\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/2018\");\n script_xref(name : \"URL\" , value : \"http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_freetype_detect_win.nasl\");\n script_require_keys(\"FreeType/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get FreeType Version From KB\nftVer = get_kb_item(\"FreeType/Win/Ver\");\nif(! 
ftVer) {\n exit(0);\n}\n\nif(ftVer != NULL)\n{\n ## Check for FreeType version prior to 2.4.2\n if(version_is_less(version: ftVer, test_version: \"2.4.2\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:15", "description": "Oracle Linux Local Security Checks ELSA-2010-0737", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0737", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0737.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122314\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:37 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0737\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0737 - freetype security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0737\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0737.html\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = 
isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-19T15:04:58", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0737-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2018-01-19T00:00:00", "id": "OPENVAS:1361412562310870339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870339", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0737-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. 
If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870339\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0737-01\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"RedHat Update for freetype RHSA-2010:0737-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of 
freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:53", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0737 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:880433", "href": "http://plugins.openvas.org/nasl.php?oid=880433", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. 
If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017039.html\");\n script_id(880433);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0737 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880564", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-October/017034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880564\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks 
GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"freetype on CentOS 5\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n\n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n\n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. 
(CVE-2010-2806)\n\n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n\n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:31", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0737 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], 
"modified": "2017-07-10T00:00:00", "id": "OPENVAS:880564", "href": "http://plugins.openvas.org/nasl.php?oid=880564", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. 
If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017034.html\");\n script_id(880564);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos5 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:57", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0737-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:870339", "href": "http://plugins.openvas.org/nasl.php?oid=870339", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0737-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. 
If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00001.html\");\n script_id(870339);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0737-01\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"RedHat Update for freetype RHSA-2010:0737-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:22", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0737 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2808", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310880433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880433", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. 
If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017039.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880433\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS 
Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:58", "description": "Check for the Version of freetype2", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3311", "CVE-2010-1797"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310831204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831204", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in freetype2:\n\n Marc Schoenefeld found an input stream position error in the way\n FreeType font rendering engine processed input file streams. If\n a user loaded a specially-crafted font file with an application\n linked against FreeType and relevant font glyphs were subsequently\n rendered with the X FreeType library (libXft), it could cause the\n application to crash or, possibly execute arbitrary code (integer\n overflow leading to heap-based buffer overflow in the libXft library)\n with the privileges of the user running the application. Different\n vulnerability than CVE-2010-1797 (CVE-2010-3311).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00022.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831204\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:201\");\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-3311\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.4mdv2010.1\", 
rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:54", "description": "Check for the Version of freetype2", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3311", "CVE-2010-1797"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:831204", "href": "http://plugins.openvas.org/nasl.php?oid=831204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in freetype2:\n\n Marc Schoenefeld found an input stream position error in the way\n FreeType font rendering engine processed input file streams. If\n a user loaded a specially-crafted font file with an application\n linked against FreeType and relevant font glyphs were subsequently\n rendered with the X FreeType library (libXft), it could cause the\n application to crash or, possibly execute arbitrary code (integer\n overflow leading to heap-based buffer overflow in the libXft library)\n with the privileges of the user running the application. Different\n vulnerability than CVE-2010-1797 (CVE-2010-3311).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00022.php\");\n script_id(831204);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:201\");\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-3311\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.5mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.4mdv2010.1\", 
rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.4mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.11~1.4mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.9~1.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:10", "description": "Check for the Version of freetype2", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:831133", "href": "http://plugins.openvas.org/nasl.php?oid=831133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in freetype2:\n\n The FT_Stream_EnterFrame function in base/ftstream.c in FreeType\n before 2.4.2 does not properly validate certain position values, which\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted font file\n (CVE-2010-2805).\n\n Array index error in the t42_parse_sfnts function in type42/t42parse.c\n in FreeType before 2.4.2 allows remote attackers to cause a denial of\n service (application crash) or possibly execute arbitrary code via\n negative size values for certain strings in FontType42 font files,\n leading to a heap-based buffer overflow (CVE-2010-2806).\n\n FreeType before 2.4.2 uses incorrect integer data types during bounds\n checking, which allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted\n font file (CVE-2010-2807).\n\n Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c\n in FreeType before 2.4.2 allows remote attackers to cause a denial of\n service (memory corruption and application crash) or possibly execute\n arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)\n font (CVE-2010-2808).\n\n bdf/bdflib.c in FreeType before 2.4.2 allows 
remote attackers to cause\n a denial of service (application crash) via a crafted BDF font file,\n related to an attempted modification of a value in a static string\n (CVE-2010-3053).\n\n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00017.php\");\n script_id(831133);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:157\");\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release 
== \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:05:11", "description": "Check for the Version of freetype2", "cvss3": {}, "published": "2010-08-24T00:00:00", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:1361412562310831133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831133", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in freetype2:\n\n The FT_Stream_EnterFrame function in base/ftstream.c in FreeType\n before 2.4.2 does not properly validate certain position values, which\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted font file\n (CVE-2010-2805).\n\n Array index error in the t42_parse_sfnts function in type42/t42parse.c\n in FreeType before 2.4.2 allows remote attackers to cause a denial of\n service (application crash) or possibly execute arbitrary code via\n negative size values for certain strings in FontType42 font files,\n leading to a heap-based buffer overflow (CVE-2010-2806).\n\n FreeType before 2.4.2 uses incorrect integer data types during bounds\n checking, which allows remote attackers to cause a denial of service\n (application crash) or possibly 
execute arbitrary code via a crafted\n font file (CVE-2010-2807).\n\n Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c\n in FreeType before 2.4.2 allows remote attackers to cause a denial of\n service (memory corruption and application crash) or possibly execute\n arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)\n font (CVE-2010-2808).\n\n bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause\n a denial of service (application crash) via a crafted BDF font file,\n related to an attempted modification of a value in a static string\n (CVE-2010-3053).\n\n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00017.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831133\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:157\");\n script_cve_id(\"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", 
\"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.11~1.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:47", "description": "Ubuntu Update for 
Linux kernel vulnerabilities USN-1013-1", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-1013-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3311", "CVE-2010-3855", "CVE-2010-3814"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840532", "href": "http://plugins.openvas.org/nasl.php?oid=840532", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1013_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for freetype vulnerabilities USN-1013-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Marc Schoenefeld discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. This issue only affected\n Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. 
(CVE-2010-3311)\n\n Chris Evans discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a\n specially crafted TrueType file, a remote attacker could cause FreeType to\n crash or possibly execute arbitrary code with user privileges. This issue\n only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3814)\n \n It was discovered that FreeType did not correctly handle certain malformed\n TrueType font files. If a user were tricked into using a specially crafted\n TrueType file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2010-3855)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1013-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1013-1/\");\n script_id(840532);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1013-1\");\n script_cve_id(\"CVE-2010-3311\", \"CVE-2010-3814\", \"CVE-2010-3855\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-1013-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:04:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1013-1", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-1013-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3311", "CVE-2010-3855", "CVE-2010-3814"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:1361412562310840532", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310840532", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1013_1.nasl 8287 2018-01-04 07:28:11Z teissa $\n#\n# Ubuntu Update for freetype vulnerabilities USN-1013-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Marc Schoenefeld discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. This issue only affected\n Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3311)\n\n Chris Evans discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a\n specially crafted TrueType file, a remote attacker could cause FreeType to\n crash or possibly execute arbitrary code with user privileges. This issue\n only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. 
(CVE-2010-3814)\n \n It was discovered that FreeType did not correctly handle certain malformed\n TrueType font files. If a user were tricked into using a specially crafted\n TrueType file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2010-3855)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1013-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1013-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840532\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1013-1\");\n script_cve_id(\"CVE-2010-3311\", \"CVE-2010-3814\", \"CVE-2010-3855\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-1013-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.10\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", 
ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.6\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:18", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0736 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310880435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0736 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\n both the FreeType 1 and FreeType 2 font engines.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. 
If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017037.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880435\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0736\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0736 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:32", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0736-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310870330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
RedHat Update for freetype RHSA-2010:0736-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\n both the FreeType 1 and FreeType 2 font engines.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. 
If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870330\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0736-01\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"RedHat Update for freetype RHSA-2010:0736-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:47", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0736 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:880435", "href": "http://plugins.openvas.org/nasl.php?oid=880435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0736 centos3 i386\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\n both the FreeType 1 and FreeType 2 font engines.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. 
If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017037.html\");\n script_id(880435);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $