Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2023-1909.NASLHistoryJan 23, 2023 - 12:00 a.m.
Amazon Linux 2 : freetype (ALAS-2023-1909)
2023-01-2300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
95
The version of freetype installed on the remote host is prior to 2.8-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1909 advisory.
-
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. (CVE-2022-27404)
-
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. (CVE-2022-27405)
-
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. (CVE-2022-27406)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2023-1909.
##
include('compat.inc');
if (description)
{
script_id(170438);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/06");
script_cve_id("CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406");
script_name(english:"Amazon Linux 2 : freetype (ALAS-2023-1909)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of freetype installed on the remote host is prior to 2.8-14. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2023-1909 advisory.
- FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow
via the function sfnt_init_face. (CVE-2022-27404)
- FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation
violation via the function FNT_Size_Request. (CVE-2022-27405)
- FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation
violation via the function FT_Request_Size. (CVE-2022-27406)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2023-1909.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-27404.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-27405.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-27406.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update freetype' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-27404");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/22");
script_set_attribute(attribute:"patch_publication_date", value:"2023/01/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freetype");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freetype-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freetype-demos");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freetype-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'freetype-2.8-14.amzn2.1.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-2.8-14.amzn2.1.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-2.8-14.amzn2.1.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-debuginfo-2.8-14.amzn2.1.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-debuginfo-2.8-14.amzn2.1.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-debuginfo-2.8-14.amzn2.1.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-demos-2.8-14.amzn2.1.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-demos-2.8-14.amzn2.1.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-demos-2.8-14.amzn2.1.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-devel-2.8-14.amzn2.1.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-devel-2.8-14.amzn2.1.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'freetype-devel-2.8-14.amzn2.1.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype / freetype-debuginfo / freetype-demos / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | freetype | p-cpe:/a:amazon:linux:freetype |
| amazon | linux | freetype-debuginfo | p-cpe:/a:amazon:linux:freetype-debuginfo |
| amazon | linux | freetype-demos | p-cpe:/a:amazon:linux:freetype-demos |
| amazon | linux | freetype-devel | p-cpe:/a:amazon:linux:freetype-devel |
| amazon | linux | 2 | cpe:/o:amazon:linux:2 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406
alas.aws.amazon.com/AL2/ALAS-2023-1909.html
alas.aws.amazon.com/cve/html/CVE-2022-27404.html
alas.aws.amazon.com/cve/html/CVE-2022-27405.html
alas.aws.amazon.com/cve/html/CVE-2022-27406.html
Related
nessus
nessus
EulerOS 2.0 SP10 : freetype (EulerOS-SA-2022-2155)
2022-07-29 00:00:00
EulerOS Virtualization 2.9.0 : freetype (EulerOS-SA-2022-2379)
2022-09-24 00:00:00
EulerOS 2.0 SP10 : freetype (EulerOS-SA-2022-2130)
2022-07-29 00:00:00
redhat
redhat
(RHSA-2022:7745) Moderate: freetype security update
2022-11-08 06:27:55
(RHSA-2024:0420) Moderate: freetype security update
2024-01-24 14:40:27
(RHSA-2022:8340) Moderate: freetype security update
2022-11-15 06:21:54
almalinux
almalinux
Moderate: freetype security update
2022-11-08 00:00:00
Moderate: freetype security update
2022-11-15 00:00:00
rocky
rocky
freetype security update
2022-11-08 06:27:55
freetype security update
2022-11-15 06:21:54
openvas
openvas
Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2022-1994)
2022-07-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3252-1)
2022-09-13 00:00:00
Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2022-2130)
2022-07-29 00:00:00
osv
osv
Moderate: freetype security update
2022-11-08 06:27:55
Moderate: freetype security update
2022-11-15 00:00:00
Moderate: freetype security update
2022-11-15 06:21:54
oraclelinux
oraclelinux
freetype security update
2022-11-22 00:00:00
freetype security update
2022-11-15 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: freetype-2.10.4-6.fc34
2022-05-20 01:56:53
[SECURITY] Fedora 36 Update: freetype-2.12.1-1.fc36
2022-05-07 05:16:35
[SECURITY] Fedora 36 Update: mingw-freetype-2.12.1-1.fc36
2022-05-11 01:22:40
mageia
mageia
Updated freetype2 packages fix security vulnerability
2022-05-15 13:06:40
qt
qt
Security advisory: FreeType in Qt
2022-07-27 00:00:00
suse
suse
Security update for freetype2 (moderate)
2022-09-12 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2212
2023-08-08 08:21:24
amazon
amazon
Medium: freetype
2023-01-18 00:16:00
Medium: freetype
2023-06-05 16:39:00
gentoo
gentoo
FreeType: Multiple Vulnerabilities
2024-02-03 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2022-07-20 00:00:00
FreeType vulnerability
2022-05-30 00:00:00
cloudfoundry
cloudfoundry
USN-5528-1: FreeType vulnerabilities | Cloud Foundry
2022-08-26 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0394
2022-05-16 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0394
2022-05-16 00:00:00
Critical Photon OS Security Update - PHSA-2022-0392
2022-05-10 00:00:00
ubuntucve
ubuntucve
cve
cve
alpinelinux
alpinelinux
cbl_mariner
cbl_mariner
CVE-2022-27404 affecting package freetype 2.11.1-1
2022-05-26 19:04:38
CVE-2022-27406 affecting package freetype 2.11.1-2
2022-08-24 22:05:05
CVE-2022-27406 affecting package qt5-qtbase 5.15.9-1
2023-05-25 09:38:10
veracode
veracode
Denial Of Service (DoS)
2022-05-19 15:31:03
Denial Of Service (DoS)
2022-05-09 00:19:20
Denial Of Service (DoS)
2022-05-19 15:31:15
prion
prion
Design/Logic Flaw
2022-04-22 14:15:00
Heap overflow
2022-04-22 14:15:00
Design/Logic Flaw
2022-04-22 14:15:00
redhatcve
redhatcve
debiancve
debiancve
qualysblog
qualysblog
Oracle Patch Tuesday April 2023 Security Update Review
2023-04-19 11:47:21
Oracle Patch Tuesday, July 2023 Security Update Review
2023-07-19 15:56:06
ics
ics
Siemens RUGGEDCOM APE1808 Product Family
2023-09-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
androidsecurity
androidsecurity
Android 14 Security Release Notes
2023-10-04 00:00:00
Related for AL2_ALAS-2023-1909.NASL