Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-185.NASL
HistoryApr 01, 2015 - 12:00 a.m.

Debian DLA-185-1 : freetype security update

2015-04-0100:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype.
Opening malformed fonts may result in denial of service or the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.4.2-2.1+squeeze5.

For the stable distribution (wheezy), these problems were fixed in version 2.4.9-1.1+deb7u1.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-185-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82479);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9658", "CVE-2014-9660", "CVE-2014-9661", "CVE-2014-9663", "CVE-2014-9664", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9667", "CVE-2014-9669", "CVE-2014-9670", "CVE-2014-9671", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9674", "CVE-2014-9675");
  script_bugtraq_id(72986);

  script_name(english:"Debian DLA-185-1 : freetype security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mateusz Jurczyk discovered multiple vulnerabilities in Freetype.
Opening malformed fonts may result in denial of service or the
execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been
fixed in version 2.4.2-2.1+squeeze5.

For the stable distribution (wheezy), these problems were fixed in
version 2.4.9-1.1+deb7u1.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/03/msg00022.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/freetype"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freetype2-demos");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreetype6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfreetype6-udeb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"freetype2-demos", reference:"2.4.2-2.1+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"libfreetype6", reference:"2.4.2-2.1+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"libfreetype6-dev", reference:"2.4.2-2.1+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"libfreetype6-udeb", reference:"2.4.2-2.1+squeeze5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxfreetype2-demosp-cpe:/a:debian:debian_linux:freetype2-demos
debiandebian_linuxlibfreetype6p-cpe:/a:debian:debian_linux:libfreetype6
debiandebian_linuxlibfreetype6-devp-cpe:/a:debian:debian_linux:libfreetype6-dev
debiandebian_linuxlibfreetype6-udebp-cpe:/a:debian:debian_linux:libfreetype6-udeb
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

References

Related

debian 4
openvas 17
nessus 17
osv 2
veracode 13
f5 3
amazon 1
redhat 1
ibm 4
mageia 1
centos 1
oraclelinux 1
securityvulns 2
gentoo 1
fedora 2
ubuntu 1
ubuntucve 17
debiancve 17
cve 17
cvelist 17
prion 17
googleprojectzero 1
androidsecurity 1
debian
debian
[SECURITY] [DLA 185-1] freetype security update
2015-03-31 23:30:56
[SECURITY] [DSA 3188-1] freetype security update
2015-03-15 19:49:22
[SECURITY] [DSA 3461-1] freetype security update
2016-01-31 08:11:39
openvas
openvas
Debian: Security Advisory (DLA-185-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3188-1 (freetype - security update)
2015-03-15 00:00:00
Debian: Security Advisory (DSA-3188-1)
2015-03-14 00:00:00
nessus
nessus
Debian DSA-3188-1 : freetype - security update
2015-03-17 00:00:00
Oracle Linux 6 / 7 : freetype (ELSA-2015-0696)
2015-03-18 00:00:00
F5 Networks BIG-IP : Multiple FreeType vulnerabilities (K16900)
2016-05-31 00:00:00
osv
osv
freetype - security update
2015-03-15 00:00:00
freetype - security update
2015-04-01 00:00:00
veracode
veracode
Integer Overflow
2019-05-02 05:12:39
NULL Pointer Dereference
2019-05-02 05:12:38
Integer Overflow
2019-05-02 05:12:39
f5
f5
K16900 : Multiple FreeType vulnerabilities
2015-07-09 00:00:00
K16380 : FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
2015-04-09 00:00:00
SOL16380 - FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
2015-04-09 00:00:00
amazon
amazon
Important: freetype
2015-04-01 13:56:00
redhat
redhat
(RHSA-2015:0696) Important: freetype security update
2015-03-17 16:08:39
ibm
ibm
Security Bulletin: PowerKVM is affected by freetype vulnerabilities (Multiple CVEs)
2018-06-18 01:28:15
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple freetype2 vulnerabilities
2018-06-18 01:32:58
Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM)
2023-04-14 14:32:25
mageia
mageia
Updated freetype2 packages fix security vulnerabilities
2015-02-25 00:20:13
centos
centos
freetype security update
2015-03-18 18:53:49
oraclelinux
oraclelinux
freetype security update
2015-03-17 00:00:00
securityvulns
securityvulns
Freetype multiple security vulnerabilities
2015-03-08 00:00:00
[USN-2510-1] FreeType vulnerabilities
2015-03-08 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2015-03-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: freetype-2.5.3-15.fc21
2015-02-19 18:01:31
[SECURITY] Fedora 20 Update: freetype-2.5.0-9.fc20
2015-02-20 08:31:09
ubuntu
ubuntu
FreeType vulnerabilities
2015-02-24 00:00:00
ubuntucve
ubuntucve
CVE-2014-9665
2015-02-08 00:00:00
CVE-2014-9666
2015-02-08 00:00:00
CVE-2014-9672
2015-02-08 00:00:00
debiancve
debiancve
CVE-2014-9666
2015-02-08 11:59:00
CVE-2014-9665
2015-02-08 11:59:00
CVE-2014-9672
2015-02-08 11:59:00
cve
cve
CVE-2014-9666
2015-02-08 11:59:00
CVE-2014-9672
2015-02-08 11:59:00
CVE-2014-9656
2015-02-08 11:59:00
cvelist
cvelist
CVE-2014-9665
2015-02-08 11:00:00
CVE-2014-9672
2015-02-08 11:00:00
CVE-2014-9666
2015-02-08 11:00:00
prion
prion
Out-of-bounds
2015-02-08 11:59:00
Integer overflow
2015-02-08 11:59:00
Integer overflow
2015-02-08 11:59:00
googleprojectzero
googleprojectzero
Dรฉjร  vu-lnerability
2021-02-03 00:00:00
androidsecurity
androidsecurity
Android Security Bulletinโ€”November 2016
2016-11-07 00:00:00
JSON
Related for DEBIAN_DLA-185.NASL
debian4openvas17nessus17osv2veracode13f53amazon1redhat1ibm4mageia1centos1oraclelinux1securityvulns2gentoo1fedora2ubuntu1ubuntucve17debiancve17cve17cvelist17prion17googleprojectzero1androidsecurity1