Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3370.NASL
HistoryOct 07, 2015 - 12:00 a.m.

Debian DSA-3370-1 : freetype - security update

2015-10-0700:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service (crash) via crafted font files.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3370. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(86304);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-9745", "CVE-2014-9746", "CVE-2014-9747");
  script_xref(name:"DSA", value:"3370");

  script_name(english:"Debian DSA-3370-1 : freetype - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that FreeType did not properly handle some malformed
inputs. This could allow remote attackers to cause a denial of service
(crash) via crafted font files."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/freetype"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/freetype"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3370"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the freetype packages.

For the oldstable distribution (wheezy), these problems have been
fixed in version 2.4.9-1.1+deb7u2.

For the stable distribution (jessie), these problems have been fixed
in version 2.5.2-3+deb8u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freetype");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"freetype2-demos", reference:"2.4.9-1.1+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"libfreetype6", reference:"2.4.9-1.1+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"libfreetype6-dev", reference:"2.4.9-1.1+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"libfreetype6-udeb", reference:"2.4.9-1.1+deb7u2")) flag++;
if (deb_check(release:"8.0", prefix:"freetype2-demos", reference:"2.5.2-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libfreetype6", reference:"2.5.2-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libfreetype6-dev", reference:"2.5.2-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libfreetype6-udeb", reference:"2.5.2-3+deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxfreetypep-cpe:/a:debian:debian_linux:freetype
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Related

openvas 10
securityvulns 2
debian 2
nessus 9
f5 4
prion 3
ubuntucve 3
cve 3
debiancve 3
ubuntu 1
ibm 2
oracle 1
openvas
openvas
Debian: Security Advisory (DLA-319-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3370-1 (freetype - security update)
2015-10-06 00:00:00
Debian: Security Advisory (DSA-3370-1)
2015-10-05 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3370-1] freetype security update
2015-10-11 00:00:00
FreeType DoS
2015-10-11 00:00:00
debian
debian
[SECURITY] [DLA 319-1] freetype security update
2015-09-30 07:06:52
[SECURITY] [DSA 3370-1] freetype security update
2015-10-06 21:52:34
nessus
nessus
Debian DLA-319-1 : freetype security update
2015-10-01 00:00:00
SUSE SLES11 Security Update : freetype2 (SUSE-SU-2016:1149-1)
2016-04-27 00:00:00
openSUSE Security Update : freetype2 (openSUSE-2015-639)
2015-10-12 00:00:00
f5
f5
K52439336 : FreeType vulnerabilities CVE-2014-9746 and CVE-2014-9747
2016-09-06 00:00:00
SOL52439336 - FreeType vulnerabilities CVE-2014-9746 and CVE-2014-9747
2016-09-06 00:00:00
K72372334 : FreeType vulnerability CVE-2014-9745
2016-09-28 00:00:00
prion
prion
Code injection
2016-06-07 14:06:00
Code injection
2015-09-14 20:59:00
Code injection
2016-06-07 14:06:00
ubuntucve
ubuntucve
CVE-2014-9747
2016-06-07 00:00:00
CVE-2014-9745
2015-09-14 00:00:00
CVE-2014-9746
2016-06-07 00:00:00
cve
cve
CVE-2014-9747
2016-06-07 14:06:00
CVE-2014-9746
2016-06-07 14:06:00
CVE-2014-9745
2015-09-14 20:59:00
debiancve
debiancve
CVE-2014-9745
2015-09-14 20:59:00
CVE-2014-9746
2016-06-07 14:06:00
CVE-2014-9747
2016-06-07 14:06:00
ubuntu
ubuntu
FreeType vulnerabilities
2015-09-10 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple freetype2 vulnerabilities
2018-06-18 01:32:58
Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM)
2023-04-14 14:32:25
oracle
oracle
CPU July 2018
2018-07-17 00:00:00
JSON
Related for DEBIAN_DSA-3370.NASL
openvas10securityvulns2debian2nessus9f54prion3ubuntucve3cve3debiancve3ubuntu1ibm2oracle1