{"id": "MANDRIVA_MDVSA-2013-039.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)", "description": "Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-5670).", "published": "2013-04-20T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66053", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "type": "nessus", "lastseen": "2018-09-01T23:35:47", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-5670).", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1ac5ea3456081663d64fa169d381f3cae3822bb6b34b6c7c5b1e8f349e2c9c17", "hashmap": [{"hash": "72bd37631099303d7950c100cbeb09b8", "key": "href"}, {"hash": "40d7555b16393646c35c57027926aac1", "key": "sourceData"}, {"hash": "603733efd45d186c54d63908ab1d323f", "key": "cpe"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "56764ae2b7830c5ad15c6446c19a247a", "key": "description"}, {"hash": "b94f7a9d9658386805df04d967dc1a59", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8277f4b5ed0321254b5e6e09ca4d3fd2", "key": "pluginID"}, {"hash": "62ac00828af2e0f19424992deefe9163", "key": "title"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=66053", "id": "MANDRIVA_MDVSA-2013-039.NASL", "lastseen": "2018-08-30T19:32:59", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "66053", "published": "2013-04-20T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66053);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"MDVSA\", value:\"2013:039\");\n script_xref(name:\"MGASA\", value:\"2012-0369\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font\nrendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file,\nwhich once processed in an application linked against FreeType would\nlead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted BDF font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash, or, potentially, arbitrary code execution with the\nprivileges of the user running the application (CVE-2012-5670).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"freetype2-demos-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.9-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:32:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-5670).", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "41bbb811d3f28c707654e479cb9bb360c9e205746b2cb512a47fe15ccd94a88f", "hashmap": [{"hash": "72bd37631099303d7950c100cbeb09b8", "key": "href"}, {"hash": "40d7555b16393646c35c57027926aac1", "key": "sourceData"}, {"hash": "603733efd45d186c54d63908ab1d323f", "key": "cpe"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "56764ae2b7830c5ad15c6446c19a247a", "key": "description"}, {"hash": "b94f7a9d9658386805df04d967dc1a59", "key": "cvelist"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8277f4b5ed0321254b5e6e09ca4d3fd2", "key": "pluginID"}, {"hash": "62ac00828af2e0f19424992deefe9163", "key": "title"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=66053", "id": "MANDRIVA_MDVSA-2013-039.NASL", "lastseen": "2018-08-02T07:38:59", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "66053", "published": "2013-04-20T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66053);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"MDVSA\", value:\"2013:039\");\n script_xref(name:\"MGASA\", value:\"2012-0369\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font\nrendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file,\nwhich once processed in an application linked against FreeType would\nlead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted BDF font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash, or, potentially, arbitrary code execution with the\nprivileges of the user running the application (CVE-2012-5670).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"freetype2-demos-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.9-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-02T07:38:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-5670).", "edition": 1, "enchantments": {}, "hash": "80951f24061214027684cb6674fafa2773ed0352170d1b1fed63b9da8607f47f", "hashmap": [{"hash": "72bd37631099303d7950c100cbeb09b8", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "56764ae2b7830c5ad15c6446c19a247a", "key": "description"}, {"hash": "7f11b990e692d8bc6cd16c0eb5466e64", "key": "modified"}, {"hash": "b94f7a9d9658386805df04d967dc1a59", "key": "cvelist"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8277f4b5ed0321254b5e6e09ca4d3fd2", "key": "pluginID"}, {"hash": "62ac00828af2e0f19424992deefe9163", "key": "title"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "e6be430702806057a08796665266c884", "key": "sourceData"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=66053", "id": "MANDRIVA_MDVSA-2013-039.NASL", "lastseen": "2016-09-26T17:23:34", "modified": "2014-08-20T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "66053", "published": "2013-04-20T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66053);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/08/20 15:05:36 $\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"MDVSA\", value:\"2013:039\");\n script_xref(name:\"MGASA\", value:\"2012-0369\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font\nrendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file,\nwhich once processed in an application linked against FreeType would\nlead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted BDF font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash, or, potentially, arbitrary code execution with the\nprivileges of the user running the application (CVE-2012-5670).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"freetype2-demos-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.9-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-5670).", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1c066778a2cefe49d9365ad2f4d5e71ca04e76a0afe240e52fc3be855ce0a521", "hashmap": [{"hash": "72bd37631099303d7950c100cbeb09b8", "key": "href"}, {"hash": "603733efd45d186c54d63908ab1d323f", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "56764ae2b7830c5ad15c6446c19a247a", "key": "description"}, {"hash": "7f11b990e692d8bc6cd16c0eb5466e64", "key": "modified"}, {"hash": "b94f7a9d9658386805df04d967dc1a59", "key": "cvelist"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8277f4b5ed0321254b5e6e09ca4d3fd2", "key": "pluginID"}, {"hash": "62ac00828af2e0f19424992deefe9163", "key": "title"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "e6be430702806057a08796665266c884", "key": "sourceData"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=66053", "id": "MANDRIVA_MDVSA-2013-039.NASL", "lastseen": "2017-10-29T13:34:37", "modified": "2014-08-20T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "66053", "published": "2013-04-20T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66053);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/08/20 15:05:36 $\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"MDVSA\", value:\"2013:039\");\n script_xref(name:\"MGASA\", value:\"2012-0369\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font\nrendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file,\nwhich once processed in an application linked against FreeType would\nlead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted BDF font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash, or, potentially, arbitrary code execution with the\nprivileges of the user running the application (CVE-2012-5670).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"freetype2-demos-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.9-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:34:37"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "603733efd45d186c54d63908ab1d323f"}, {"key": "cvelist", "hash": "b94f7a9d9658386805df04d967dc1a59"}, {"key": "cvss", "hash": "3873c836ae45fd496c2b40bae50467ed"}, {"key": "description", "hash": "56764ae2b7830c5ad15c6446c19a247a"}, {"key": "href", "hash": "72bd37631099303d7950c100cbeb09b8"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "8277f4b5ed0321254b5e6e09ca4d3fd2"}, {"key": "published", "hash": "634d1af54c551c354e3204db0cbbc77a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "40d7555b16393646c35c57027926aac1"}, {"key": "title", "hash": "62ac00828af2e0f19424992deefe9163"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "41bbb811d3f28c707654e479cb9bb360c9e205746b2cb512a47fe15ccd94a88f", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66053);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"MDVSA\", value:\"2013:039\");\n script_xref(name:\"MGASA\", value:\"2012-0369\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fixes security vulnerabilities :\n\nA NULL pointer de-reference flaw was found in the way Freetype font\nrendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file,\nwhich once processed in an application linked against FreeType would\nlead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted BDF font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash (CVE-2012-5669).\n\nAn out-of heap-based buffer write flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash, or, potentially, arbitrary code execution with the\nprivileges of the user running the application (CVE-2012-5670).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"freetype2-demos-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.9-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.9-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "66053", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"]}

{"cve": [{"lastseen": "2017-04-18T15:53:34", "references": ["http://www.securitytracker.com/id?1027921", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00056.html", "http://www.freetype.org/", "http://www.ubuntu.com/usn/USN-1686-1", "https://savannah.nongnu.org/bugs/?37907", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00078.html", "http://www.openwall.com/lists/oss-security/2012/12/25/2", "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8"], "edition": 2, "description": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.", "reporter": "NVD", "published": "2013-01-24T16:55:01", "title": "CVE-2012-5670", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-5670"], "scanner": [], "modified": "2016-12-06T22:00:12", "cpe": ["cpe:/a:freetype:freetype:2.4.3", "cpe:/a:freetype:freetype:2.3.4", "cpe:/a:freetype:freetype:2.4.8", "cpe:/a:freetype:freetype:2.0.6", "cpe:/a:freetype:freetype:2.4.4", "cpe:/a:freetype:freetype:2.1", "cpe:/a:freetype:freetype:2.3.7", "cpe:/a:freetype:freetype:2.0.9", "cpe:/a:freetype:freetype:2.2.1", "cpe:/a:freetype:freetype:2.4.2", "cpe:/a:freetype:freetype:2.1.9", "cpe:/a:freetype:freetype:2.1.4", "cpe:/a:freetype:freetype:2.3.5", "cpe:/a:freetype:freetype:2.3.10", "cpe:/a:freetype:freetype:2.3.11", "cpe:/a:freetype:freetype:2.2", "cpe:/a:freetype:freetype:2.1.6", "cpe:/a:freetype:freetype:2.4.9", "cpe:/a:freetype:freetype:2.0.7", "cpe:/a:freetype:freetype:2.3.6", "cpe:/a:freetype:freetype:2.4.6", "cpe:/a:freetype:freetype:2.1.8", "cpe:/a:freetype:freetype:2.1.5", "cpe:/a:freetype:freetype:2.3.3", "cpe:/a:freetype:freetype:2.3.9", "cpe:/a:freetype:freetype:2.0.8", "cpe:/a:freetype:freetype:2.1.10", "cpe:/a:freetype:freetype:2.0.4", "cpe:/a:freetype:freetype:2.3.2", "cpe:/a:freetype:freetype:2.1.8:rc1", "cpe:/a:freetype:freetype:2.4.1", "cpe:/a:freetype:freetype:2.1.8_rc1", "cpe:/a:freetype:freetype:2.4.7", "cpe:/a:freetype:freetype:2.3.1", "cpe:/a:freetype:freetype:2.3.0", "cpe:/a:freetype:freetype:2.0.1", "cpe:/a:freetype:freetype:2.4.0", "cpe:/a:freetype:freetype:1.3.1", "cpe:/a:freetype:freetype:2.0.2", "cpe:/a:freetype:freetype:2.1.3", "cpe:/a:freetype:freetype:2.3.8", "cpe:/a:freetype:freetype:2.4.10", "cpe:/a:freetype:freetype:2.0", "cpe:/a:freetype:freetype:2.0.3", "cpe:/a:freetype:freetype:2.1.7", "cpe:/a:freetype:freetype:2.3.12", "cpe:/a:freetype:freetype:2.4.5", "cpe:/a:freetype:freetype:2.0.5"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5670", "id": "CVE-2012-5670", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:53:34", "references": ["http://www.securitytracker.com/id?1027921", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00068.html", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00056.html", "http://www.freetype.org/", "http://www.ubuntu.com/usn/USN-1686-1", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00078.html", "https://savannah.nongnu.org/bugs/?37905", "http://www.openwall.com/lists/oss-security/2012/12/25/2", "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186"], "edition": 2, "description": "FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an \"allocation error\" in the bdf_free_font function.", "reporter": "NVD", "published": "2013-01-24T16:55:01", "title": "CVE-2012-5668", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-5668"], "scanner": [], "modified": "2016-12-06T22:00:10", "cpe": ["cpe:/a:freetype:freetype:2.4.3", "cpe:/a:freetype:freetype:2.3.4", "cpe:/a:freetype:freetype:2.4.8", "cpe:/a:freetype:freetype:2.0.6", "cpe:/a:freetype:freetype:2.4.4", "cpe:/a:freetype:freetype:2.1", "cpe:/a:freetype:freetype:2.3.7", "cpe:/a:freetype:freetype:2.0.9", "cpe:/a:freetype:freetype:2.2.1", "cpe:/a:freetype:freetype:2.4.2", "cpe:/a:freetype:freetype:2.1.9", "cpe:/a:freetype:freetype:2.1.4", "cpe:/a:freetype:freetype:2.3.5", "cpe:/a:freetype:freetype:2.3.10", "cpe:/a:freetype:freetype:2.3.11", "cpe:/a:freetype:freetype:2.2", "cpe:/a:freetype:freetype:2.1.6", "cpe:/a:freetype:freetype:2.4.9", "cpe:/a:freetype:freetype:2.0.7", "cpe:/a:freetype:freetype:2.3.6", "cpe:/a:freetype:freetype:2.4.6", "cpe:/a:freetype:freetype:2.1.8", "cpe:/a:freetype:freetype:2.1.5", "cpe:/a:freetype:freetype:2.3.3", "cpe:/a:freetype:freetype:2.3.9", "cpe:/a:freetype:freetype:2.0.8", "cpe:/a:freetype:freetype:2.1.10", "cpe:/a:freetype:freetype:2.0.4", "cpe:/a:freetype:freetype:2.3.2", "cpe:/a:freetype:freetype:2.1.8:rc1", "cpe:/a:freetype:freetype:2.4.1", "cpe:/a:freetype:freetype:2.1.8_rc1", "cpe:/a:freetype:freetype:2.4.7", "cpe:/a:freetype:freetype:2.3.1", "cpe:/a:freetype:freetype:2.3.0", "cpe:/a:freetype:freetype:2.0.1", "cpe:/a:freetype:freetype:2.4.0", "cpe:/a:freetype:freetype:1.3.1", "cpe:/a:freetype:freetype:2.0.2", "cpe:/a:freetype:freetype:2.1.3", "cpe:/a:freetype:freetype:2.3.8", "cpe:/a:freetype:freetype:2.4.10", "cpe:/a:freetype:freetype:2.0", "cpe:/a:freetype:freetype:2.0.3", "cpe:/a:freetype:freetype:2.1.7", "cpe:/a:freetype:freetype:2.3.12", "cpe:/a:freetype:freetype:2.4.5", "cpe:/a:freetype:freetype:2.0.5"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5668", "id": "CVE-2012-5668", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:53:34", "references": ["http://www.securitytracker.com/id?1027921", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00068.html", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d", "http://rhn.redhat.com/errata/RHSA-2013-0216.html", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00056.html", "http://www.freetype.org/", "http://www.ubuntu.com/usn/USN-1686-1", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00078.html", "https://savannah.nongnu.org/bugs/?37906", "http://www.openwall.com/lists/oss-security/2012/12/25/2", "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186"], "edition": 2, "description": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.", "reporter": "NVD", "published": "2013-01-24T16:55:01", "title": "CVE-2012-5669", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-5669"], "scanner": [], "modified": "2016-12-06T22:00:11", "cpe": ["cpe:/a:freetype:freetype:2.4.3", "cpe:/a:freetype:freetype:2.3.4", "cpe:/a:freetype:freetype:2.4.8", "cpe:/a:freetype:freetype:2.0.6", "cpe:/a:freetype:freetype:2.4.4", "cpe:/a:freetype:freetype:2.1", "cpe:/a:freetype:freetype:2.3.7", "cpe:/a:freetype:freetype:2.0.9", "cpe:/a:freetype:freetype:2.2.1", "cpe:/a:freetype:freetype:2.4.2", "cpe:/a:freetype:freetype:2.1.9", "cpe:/a:freetype:freetype:2.1.4", "cpe:/a:freetype:freetype:2.3.5", "cpe:/a:freetype:freetype:2.3.10", "cpe:/a:freetype:freetype:2.3.11", "cpe:/a:freetype:freetype:2.2", "cpe:/a:freetype:freetype:2.1.6", "cpe:/a:freetype:freetype:2.4.9", "cpe:/a:freetype:freetype:2.0.7", "cpe:/a:freetype:freetype:2.3.6", "cpe:/a:freetype:freetype:2.4.6", "cpe:/a:freetype:freetype:2.1.8", "cpe:/a:freetype:freetype:2.1.5", "cpe:/a:freetype:freetype:2.3.3", "cpe:/a:freetype:freetype:2.3.9", "cpe:/a:freetype:freetype:2.0.8", "cpe:/a:freetype:freetype:2.1.10", "cpe:/a:freetype:freetype:2.0.4", "cpe:/a:freetype:freetype:2.3.2", "cpe:/a:freetype:freetype:2.1.8:rc1", "cpe:/a:freetype:freetype:2.4.1", "cpe:/a:freetype:freetype:2.1.8_rc1", "cpe:/a:freetype:freetype:2.4.7", "cpe:/a:freetype:freetype:2.3.1", "cpe:/a:freetype:freetype:2.3.0", "cpe:/a:freetype:freetype:2.0.1", "cpe:/a:freetype:freetype:2.4.0", "cpe:/a:freetype:freetype:1.3.1", "cpe:/a:freetype:freetype:2.0.2", "cpe:/a:freetype:freetype:2.1.3", "cpe:/a:freetype:freetype:2.3.8", "cpe:/a:freetype:freetype:2.4.10", "cpe:/a:freetype:freetype:2.0", "cpe:/a:freetype:freetype:2.0.3", "cpe:/a:freetype:freetype:2.1.7", "cpe:/a:freetype:freetype:2.3.12", "cpe:/a:freetype:freetype:2.4.5", "cpe:/a:freetype:freetype:2.0.5"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5669", "id": "CVE-2012-5669", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:08", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5669", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5670", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5668"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "2.4.10-0ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.3.11-1ubuntu2.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.4.8-1ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "2.4.4-2ubuntu1.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.3.5-1ubuntu4.8.04.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}], "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2013-01-14T00:00:00", "title": "FreeType vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2013-01-14T00:00:00", "id": "USN-1686-1", "href": "https://usn.ubuntu.com/1686-1/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "references": ["https://vulners.com/securityvulns/securityvulns:doc:28962"], "description": "Multiple vulnerabilities on BDF fonts parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2013-01-14T00:00:00", "title": "FreeType security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:50", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "FreeType", "version": "2.4", "operator": "eq"}], "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2013-01-14T00:00:00", "id": "SECURITYVULNS:VULN:12834", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12834", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1686-1\r\nJanuary 14, 2013\r\n\r\nfreetype vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nFreeType could be made to crash or run programs as your login if it opened\r\na specially crafted file.\r\n\r\nSoftware Description:\r\n- freetype: FreeType 2 is a font engine library\r\n\r\nDetails:\r\n\r\nMateusz Jurczyk discovered that FreeType did not correctly handle certain\r\nmalformed BDF font files. If a user were tricked into using a specially\r\ncrafted font file, a remote attacker could cause FreeType to crash or\r\npossibly execute arbitrary code with user privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n libfreetype6 2.4.10-0ubuntu1.1\r\n\r\nUbuntu 12.04 LTS:\r\n libfreetype6 2.4.8-1ubuntu2.1\r\n\r\nUbuntu 11.10:\r\n libfreetype6 2.4.4-2ubuntu1.3\r\n\r\nUbuntu 10.04 LTS:\r\n libfreetype6 2.3.11-1ubuntu2.7\r\n\r\nUbuntu 8.04 LTS:\r\n libfreetype6 2.3.5-1ubuntu4.8.04.10\r\n\r\nAfter a standard system update you need to restart your session to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1686-1\r\n CVE-2012-5668, CVE-2012-5669, CVE-2012-5670\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/freetype/2.4.10-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/freetype/2.4.8-1ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/freetype/2.4.4-2ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/freetype/2.3.11-1ubuntu2.7\r\n https://launchpad.net/ubuntu/+source/freetype/2.3.5-1ubuntu4.8.04.10\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-01-14T00:00:00", "title": "[USN-1686-1] FreeType vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:46", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2013-01-14T00:00:00", "id": "SECURITYVULNS:DOC:28962", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28962", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:34", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.4.11", "arch": "i486", "packageFilename": "freetype-2.4.11-i486-1_slack12.2.tgz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.4.11", "arch": "x86_64", "packageFilename": "freetype-2.4.11-x86_64-1_slack14.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.4.11", "arch": "i486", "packageFilename": "freetype-2.4.11-i486-1_slack13.1.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.4.11", "arch": "i486", "packageFilename": "freetype-2.4.11-i486-1_slack13.37.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.4.11", "arch": "x86_64", "packageFilename": "freetype-2.4.11-x86_64-1_slack13.1.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.4.11", "arch": "i486", "packageFilename": "freetype-2.4.11-i486-1_slack14.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.4.11", "arch": "i486", "packageFilename": "freetype-2.4.11-i486-1_slack13.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.4.11", "arch": "x86_64", "packageFilename": "freetype-2.4.11-x86_64-1_slack13.37.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.4.11", "arch": "x86_64", "packageFilename": "freetype-2.4.11-x86_64-1_slack13.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.4.11", "arch": "i486", "packageFilename": "freetype-2.4.11-i486-1_slack12.1.tgz", "packageName": "freetype", "operator": "lt"}], "description": "New freetype packages are available for Slackware 12.1, 12.2, 13.0, 13.1,\n13.37, 14.0, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/freetype-2.4.11-i486-1_slack14.0.txz: Upgraded.\n This release fixes several security bugs that could cause freetype to\n crash or run programs upon opening a specially crafted file.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/freetype-2.4.11-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/freetype-2.4.11-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/freetype-2.4.11-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/freetype-2.4.11-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/freetype-2.4.11-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/freetype-2.4.11-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/freetype-2.4.11-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/freetype-2.4.11-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/freetype-2.4.11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/freetype-2.4.11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.4.11-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/freetype-2.4.11-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\n4d5295c13a8a4499d0adf3999b3de868 freetype-2.4.11-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nfd6d0cb912feb28ca1e4ef5afaf4e374 freetype-2.4.11-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n2d36e3d0feabecf05377265bba7fb212 freetype-2.4.11-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n396fbce466003efe9943b727c3fc8781 freetype-2.4.11-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n9e3a839ad4e10824f5e3c4d4ab929787 freetype-2.4.11-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ne4f445a443e2c35349f2862c69ac094e freetype-2.4.11-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n9eae4d85099556bd0cf83b2421e751cd freetype-2.4.11-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n0480a082207c0cd323c3937ac36e043a freetype-2.4.11-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n5a105c177d2efc56ad13cac3a4e8da10 freetype-2.4.11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ne07e161d4b9018cc8b8d5cbb98c8b2c5 freetype-2.4.11-x86_64-1_slack14.0.txz\n\nSlackware -current package:\n10fa0b771447a25afe289f0e5f4785f6 l/freetype-2.4.11-i486-1.txz\n\nSlackware x86_64 -current package:\nd560da3a4928881d89d19ccdafd94e25 l/freetype-2.4.11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg freetype-2.4.11-i486-1_slack14.0.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2013-01-15T20:21:38", "title": "freetype", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2013-01-15T20:21:38", "id": "SSA-2013-015-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-02-05T11:11:05", "references": ["http://www.ubuntu.com/usn/usn-1686-1/", "1686-1"], "pluginID": "841275", "description": "Check for the Version of freetype", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-15T00:00:00", "title": "Ubuntu Update for freetype USN-1686-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2018-02-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841275", "id": "OPENVAS:841275", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1686_1.nasl 8650 2018-02-03 12:16:59Z teissa $\n#\n# Ubuntu Update for freetype USN-1686-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"freetype on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_insight = \"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or\n possibly execute arbitrary code with user privileges.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1686-1/\");\n script_id(841275);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:07:52 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1686-1\");\n script_name(\"Ubuntu Update for freetype USN-1686-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.8-1ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.10-0ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:34", "references": ["http://www.ubuntu.com/usn/usn-1686-1/", "1686-1"], "pluginID": "1361412562310841275", "description": "Check for the Version of freetype", "edition": 5, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-15T00:00:00", "title": "Ubuntu Update for freetype USN-1686-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310841275", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841275", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1686_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for freetype USN-1686-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1686-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841275\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:07:52 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1686-1\");\n script_name(\"Ubuntu Update for freetype USN-1686-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|8\\.04 LTS|12\\.10)\");\n script_tag(name:\"affected\", value:\"freetype on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"insight\", value:\"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or\n possibly execute arbitrary code with user privileges.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.8-1ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.10-0ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:58", "references": ["https://security.gentoo.org/glsa/201402-16"], "pluginID": "1361412562310121147", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201402-16", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201402-16", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310121147", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121147", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201402-16.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121147\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:26:53 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201402-16\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201402-16\");\nscript_cve_id(\"CVE-2012-5668\",\"CVE-2012-5669\",\"CVE-2012-5670\");\nscript_tag(name:\"cvss_base\", value:\"4.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201402-16\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.11\"), vulnerable: make_list(\"lt 2.4.11\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:52:12", "references": ["2013:0216", "http://lists.centos.org/pipermail/centos-announce/2013-January/019217.html"], "pluginID": "881584", "description": "Check for the Version of freetype", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for freetype CESA-2013:0216 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881584", "id": "OPENVAS:881584", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2013:0216 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently.\n\n A flaw was found in the way the FreeType font rendering engine processed\n certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-5669)\n \n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. The X server must be restarted (log\n out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"freetype on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-January/019217.html\");\n script_id(881584);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:54:44 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-5669\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0216\");\n script_name(\"CentOS Update for freetype CESA-2013:0216 centos5 \");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~32.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~32.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~32.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:42", "references": ["2013:0216", "http://lists.centos.org/pipermail/centos-announce/2013-February/019224.html"], "pluginID": "1361412562310881589", "description": "Check for the Version of freetype", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-04T00:00:00", "title": "CentOS Update for freetype CESA-2013:0216 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881589", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881589", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2013:0216 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently.\n\n A flaw was found in the way the FreeType font rendering engine processed\n certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-5669)\n \n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. The X server must be restarted (log\n out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"freetype on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019224.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881589\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:55:19 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-5669\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0216\");\n script_name(\"CentOS Update for freetype CESA-2013:0216 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~14.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.3.11~14.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~14.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:09:15", "references": ["2013:0216", "http://lists.centos.org/pipermail/centos-announce/2013-February/019224.html"], "pluginID": "881589", "description": "Check for the Version of freetype", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for freetype CESA-2013:0216 centos6 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2018-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881589", "id": "OPENVAS:881589", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2013:0216 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently.\n\n A flaw was found in the way the FreeType font rendering engine processed\n certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-5669)\n \n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. The X server must be restarted (log\n out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"freetype on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019224.html\");\n script_id(881589);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:55:19 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-5669\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0216\");\n script_name(\"CentOS Update for freetype CESA-2013:0216 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~14.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.3.11~14.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~14.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:58", "references": ["https://alas.aws.amazon.com/ALAS-2013-150.html"], "pluginID": "1361412562310120232", "description": "Amazon Linux Local Security Checks", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2013-150", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310120232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120232", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2013-150.nasl 6577 2017-07-06 13:43:46Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120232\");\nscript_version(\"$Revision: 6577 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:59 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:43:46 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: ALAS-2013-150\");\nscript_tag(name: \"insight\", value: \"A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5669 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update freetype to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2013-150.html\");\nscript_cve_id(\"CVE-2012-5669\");\nscript_tag(name:\"cvss_base\", value:\"4.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~14.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.3.11~14.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~14.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.3.11~14.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:08:47", "references": ["2013:0216-01", "https://www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html"], "pluginID": "870901", "description": "Check for the Version of freetype", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-04T00:00:00", "title": "RedHat Update for freetype RHSA-2013:0216-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2018-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870901", "id": "OPENVAS:870901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2013:0216-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently.\n\n A flaw was found in the way the FreeType font rendering engine processed\n certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-5669)\n\n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. The X server must be restarted (log\n out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html\");\n script_id(870901);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:54:23 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-5669\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0216-01\");\n script_name(\"RedHat Update for freetype RHSA-2013:0216-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~14.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.3.11~14.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~14.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:44", "references": ["2013:0216-01", "https://www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html"], "pluginID": "1361412562310870901", "description": "Check for the Version of freetype", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-04T00:00:00", "title": "RedHat Update for freetype RHSA-2013:0216-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2013:0216-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently.\n\n A flaw was found in the way the FreeType font rendering engine processed\n certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-5669)\n\n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. The X server must be restarted (log\n out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870901\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:54:23 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-5669\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0216-01\");\n script_name(\"RedHat Update for freetype RHSA-2013:0216-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~14.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.3.11~14.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~14.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~32.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-02-05T11:11:17", "references": ["2013-1492", "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098256.html"], "pluginID": "865327", "description": "Check for the Version of freetype", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-08T00:00:00", "title": "Fedora Update for freetype FEDORA-2013-1492", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2018-02-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865327", "id": "OPENVAS:865327", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2013-1492\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"freetype on Fedora 18\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098256.html\");\n script_id(865327);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-08 10:15:28 +0530 (Fri, 08 Feb 2013)\");\n script_cve_id(\"CVE-2012-5669\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-1492\");\n script_name(\"Fedora Update for freetype FEDORA-2013-1492\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.4.10~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:43:47", "references": ["https://security.gentoo.org/glsa/201402-16"], "pluginID": "72453", "description": "The remote host is affected by the vulnerability described in GLSA-201402-16 (FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could entice a user to open a specially crafted font, possibly resulting in execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2014-02-12T00:00:00", "title": "GLSA-201402-16 : FreeType: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201402-16.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201402-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72453);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"GLSA\", value:\"201402-16\");\n\n script_name(english:\"GLSA-201402-16 : FreeType: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201402-16\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted font, possibly resulting in execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201402-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Freetype users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.11'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.4.11\"), vulnerable:make_list(\"lt 2.4.11\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:47", "references": ["http://www.nessus.org/u?e983120e"], "pluginID": "63555", "description": "New freetype packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.", "edition": 4, "reporter": "Tenable", "published": "2013-01-16T00:00:00", "title": "Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : freetype (SSA:2013-015-01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2014-02-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:freetype", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2013-015-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63555", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-015-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63555);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/02/13 14:10:08 $\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"SSA\", value:\"2013-015-01\");\n\n script_name(english:\"Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : freetype (SSA:2013-015-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New freetype packages are available for Slackware 12.1, 12.2, 13.0,\n13.1, 13.37, 14.0, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.520186\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e983120e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.1\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.4.11\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:16", "references": ["http://lists.opensuse.org/opensuse-updates/2013-01/msg00056.html"], "pluginID": "75015", "description": "- BNC#795826, CVE-2012-5668.patch [bdf] Fix Savannah bug #37905.\n\n - src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in case of allocation error; this value gets used in a loop in\n\n - BNC#795826, CVE-2012-5669.patch [bdf] Fix Savannah bug #37906.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc'.\n\n - BNC#795826, CVE-2012-5670.patch [bdf] Fix Savannah bug #37907.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs) <ENCODING>:\n Normalize negative second parameter of `ENCODING' field also.", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2013:0165-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2018-07-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:ft2demos-debugsource", "p-cpe:/a:novell:opensuse:ft2demos", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:ft2demos-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-44.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-44.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75015);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2013:0165-1)\");\n script_summary(english:\"Check for the openSUSE-2013-44 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - BNC#795826, CVE-2012-5668.patch [bdf] Fix Savannah bug\n #37905.\n\n - src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size'\n to zero in case of allocation error; this value gets\n used in a loop in\n\n - BNC#795826, CVE-2012-5669.patch [bdf] Fix Savannah bug\n #37906.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array\n size for checking `glyph_enc'.\n\n - BNC#795826, CVE-2012-5670.patch [bdf] Fix Savannah bug\n #37907.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs) <ENCODING>:\n Normalize negative second parameter of `ENCODING' field\n also.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00056.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"freetype2-debugsource-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"freetype2-devel-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ft2demos-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ft2demos-debuginfo-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ft2demos-debugsource-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreetype6-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreetype6-debuginfo-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.4.9-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.4.9-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:40", "references": [], "pluginID": "63536", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2013-01-15T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : freetype vulnerabilities (USN-1686-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2018-08-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1686-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1686-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63536);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/01 17:36:14\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n script_bugtraq_id(57041);\n script_xref(name:\"USN\", value:\"1686-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : freetype vulnerabilities (USN-1686-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.4-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libfreetype6\", pkgver:\"2.4.8-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.10-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreetype6\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:19", "references": ["http://www.nessus.org/u?b5f8def1", "http://www.nessus.org/u?002e043c"], "pluginID": "80614", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an 'allocation error' in the bdf_free_font function. (CVE-2012-5668)\n\n - The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.\n (CVE-2012-5669)\n\n - The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. (CVE-2012-5670)", "edition": 4, "reporter": "Tenable", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : freetype (multiple_buffer_errors_vulnerabilities_in)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:freetype", "cpe:/o:oracle:solaris:11.1"], "id": "SOLARIS11_FREETYPE_20140415.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80614);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:17:51 $\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\", \"CVE-2012-5670\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : freetype (multiple_buffer_errors_vulnerabilities_in)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - FreeType before 2.4.11 allows context-dependent\n attackers to cause a denial of service (NULL pointer\n dereference and crash) via vectors related to BDF fonts\n and the improper handling of an 'allocation error' in\n the bdf_free_font function. (CVE-2012-5668)\n\n - The _bdf_parse_glyphs function in FreeType before 2.4.11\n allows context-dependent attackers to cause a denial of\n service (crash) and possibly execute arbitrary code via\n vectors related to BDF fonts and an incorrect\n calculation that triggers an out-of-bounds read.\n (CVE-2012-5669)\n\n - The _bdf_parse_glyphs function in FreeType before 2.4.11\n allows context-dependent attackers to cause a denial of\n service (out-of-bounds write and crash) via vectors\n related to BDF fonts and an ENCODING field with a\n negative value. (CVE-2012-5670)\"\n );\n # http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f8def1\"\n );\n # https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?002e043c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.18.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:freetype\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^freetype-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.18.0.5.0\", sru:\"SRU 11.1.18.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : freetype\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"freetype\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:05", "references": ["http://support.novell.com/security/cve/CVE-2012-5669.html", "https://bugzilla.novell.com/show_bug.cgi?id=795826", "http://support.novell.com/security/cve/CVE-2012-5668.html"], "pluginID": "64144", "description": "This update fixes :\n\n - OOB access in bdf_free_font() and _bdf_parse_glyphs() (CVE-2012-5668 / CVE-2012-5669) As well as the following non-security bugs :\n\n - [bdf] Savannah bug #37905.\n\n - src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in case of allocation error; this value gets used in a loop in\n\n - [bdf] Fix Savannah bug #37906.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc'.", "edition": 4, "reporter": "Tenable", "published": "2013-01-25T00:00:00", "title": "SuSE 11.2 Security Update : freetype2 (SAT Patch Number 7232)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669", "CVE-2012-5668"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:freetype2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:freetype2-devel", "p-cpe:/a:novell:suse_linux:11:freetype2-32bit", "p-cpe:/a:novell:suse_linux:11:ft2demos"], "id": "SUSE_11_FREETYPE2-130115.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64144", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64144);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:46:53 $\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\");\n\n script_name(english:\"SuSE 11.2 Security Update : freetype2 (SAT Patch Number 7232)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes :\n\n - OOB access in bdf_free_font() and _bdf_parse_glyphs()\n (CVE-2012-5668 / CVE-2012-5669) As well as the following\n non-security bugs :\n\n - [bdf] Savannah bug #37905.\n\n - src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size'\n to zero in case of allocation error; this value gets\n used in a loop in\n\n - [bdf] Fix Savannah bug #37906.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array\n size for checking `glyph_enc'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=795826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5668.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5669.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7232.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"freetype2-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"ft2demos-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"ft2demos-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"freetype2-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"ft2demos-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:35", "references": [], "pluginID": "64504", "description": "Multiple vulnerabilities has been found and corrected in freetype2 :\n\nA NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).\n\nThe updated packages have been patched to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2013-02-09T00:00:00", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:006)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669", "CVE-2012-5668"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:libfreetype6", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "id": "MANDRIVA_MDVSA-2013-006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64504", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:006. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64504);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\");\n script_bugtraq_id(57041);\n script_xref(name:\"MDVSA\", value:\"2013:006\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in freetype2 :\n\nA NULL pointer de-reference flaw was found in the way Freetype font\nrendering engine handled Glyph bitmap distribution format (BDF) fonts.\nA remote attacker could provide a specially crafted BDF font file,\nwhich once processed in an application linked against FreeType would\nlead to that application crash (CVE-2012-5668).\n\nAn out-of heap-based buffer read flaw was found in the way FreeType\nfont rendering engine performed parsing of glyph information and\nrelevant bitmaps for glyph bitmap distribution format (BDF). A remote\nattacker could provide a specially crafted BDF font file, which once\nopened in an application linked against FreeType would lead to that\napplication crash (CVE-2012-5669).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"freetype2-demos-2.4.5-2.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.5-2.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.5-2.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.5-2.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-2.4.5-2.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-devel-2.4.5-2.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.4.5-2.4-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:31", "references": ["http://lists.opensuse.org/opensuse-updates/2013-01/msg00068.html"], "pluginID": "75003", "description": "- new license string.\n\n - BNC#795826, CVE-2012-5668.patch\n\n - BNC#795826, CVE-2012-5669.patch [bdf] Fix Savannah bug #37906.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc'.", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2013:0177-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669", "CVE-2012-5668"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:libfreetype6-32bit"], "id": "OPENSUSE-2013-42.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75003", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-42.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75003);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:09:13 $\");\n\n script_cve_id(\"CVE-2012-5668\", \"CVE-2012-5669\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2013:0177-1)\");\n script_summary(english:\"Check for the openSUSE-2013-42 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - new license string.\n\n - BNC#795826, CVE-2012-5668.patch\n\n - BNC#795826, CVE-2012-5669.patch [bdf] Fix Savannah bug\n #37906.\n\n - src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array\n size for checking `glyph_enc'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00068.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-debugsource-2.4.7-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-devel-2.4.7-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-2.4.7-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-debuginfo-2.4.7-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.4.7-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.4.7-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.4.7-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:15", "references": ["http://support.novell.com/security/cve/CVE-2012-5668.html"], "pluginID": "64092", "description": "This update fixes :\n\n - OOB access in bdf_free_font() (CVE-2012-5668) As well as non-security bugs :\n\n - [bdf] Savannah bug #37905. o src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in case of allocation error; this value gets used in a loop in", "edition": 4, "reporter": "Tenable", "published": "2013-01-25T00:00:00", "title": "SuSE 10 Security Update : freetype2 (ZYPP Patch Number 8433)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5668"], "modified": "2013-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FREETYPE2-8433.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64092);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/01/27 01:13:33 $\");\n\n script_cve_id(\"CVE-2012-5668\");\n\n script_name(english:\"SuSE 10 Security Update : freetype2 (ZYPP Patch Number 8433)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes :\n\n - OOB access in bdf_free_font() (CVE-2012-5668) As well as\n non-security bugs :\n\n - [bdf] Savannah bug #37905. o src/bdf/bdflib.c\n (_bdf_parse_start): Reset `props_size' to zero in case\n of allocation error; this value gets used in a loop in\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5668.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8433.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"freetype2-2.1.10-18.31.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"freetype2-devel-2.1.10-18.31.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"ft2demos-2.1.10-19.31.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.31.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"freetype2-2.1.10-18.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"freetype2-devel-2.1.10-18.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"ft2demos-2.1.10-19.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:38:57", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=890088", "http://www.nessus.org/u?a99f13ee"], "pluginID": "64593", "description": "This update fixes CVE-2012-5669.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-02-13T00:00:00", "title": "Fedora 17 : freetype-2.4.8-4.fc17 (2013-1466)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5669"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:freetype"], "id": "FEDORA_2013-1466.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-1466.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64593);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:12:41 $\");\n\n script_cve_id(\"CVE-2012-5669\");\n script_bugtraq_id(57041);\n script_xref(name:\"FEDORA\", value:\"2013-1466\");\n\n script_name(english:\"Fedora 17 : freetype-2.4.8-4.fc17 (2013-1466)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2012-5669.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=890088\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098659.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a99f13ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"freetype-2.4.8-4.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:00", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5670", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5669", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5668", "https://bugs.gentoo.org/show_bug.cgi?id=448550"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.4.11", "packageName": "media-libs/freetype", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted font, possibly resulting in execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Freetype users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.4.11\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5670", "CVE-2012-5669", "CVE-2012-5668"], "modified": "2014-02-11T00:00:00", "id": "GLSA-201402-16", "href": "https://security.gentoo.org/glsa/201402-16", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2016-09-26T17:23:16", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "reporter": "f5", "published": "2016-02-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL15095307 - BDF parsing vulnerability CVE-2012-5669", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AAM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP AFM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.4.1", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP DNS", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "12.0.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.4.1", "operator": "le"}], "cvelist": ["CVE-2012-5669"], "modified": "2016-08-16T00:00:00", "id": "SOL15095307", "href": "http://support.f5.com/kb/en-us/solutions/public/k/15/sol15095307.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-07T20:34:07", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 384002, ID 570430 (BIG-IP), ID 570513 (Enterprise Manager), and ID 513595 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | 12.1.0 \n11.5.0 - 11.6.0 \n11.2.1 HF16 | Low | FreeType \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.4.1 | 12.1.0 \n11.5.0 - 11.6.0 | Low | FreeType \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.4.1 | 12.1.0 \n11.5.0 - 11.6.0 | Low | FreeType \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.4.1 | 12.1.0 \n11.5.0 - 11.6.0 \n11.2.1 HF16 | Low | FreeType \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | 12.1.0 \n11.5.0 - 11.6.0 \n11.2.1 HF16 | Low | FreeType \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | 12.1.0 \n11.5.0 - 11.6.0 \n11.2.1 HF16 | Low | FreeType \nBIG-IP DNS | 12.0.0 | 12.1.0 | Low | FreeType \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | 11.2.1 HF16 | Low | FreeType \nBIG-IP GTM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | 11.5.0 - 11.6.0 \n11.2.1 HF16 | Low | FreeType \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | 12.1.0 \n11.5.0 - 11.6.0 \n11.2.1 HF16 | Low | FreeType \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.4.1 | 12.1.0 \n11.5.0 - 11.6.0 | Low | FreeType \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | 11.2.1 HF16 | Low | FreeType \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | 11.2.1 HF16 | Low | FreeType \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | 11.2.1 HF16 | Low | FreeType \nARX | 6.0.0 - 6.4.0 | None | Low | FreeType \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | FreeType \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "reporter": "f5", "published": "2016-02-02T09:42:00", "type": "f5", "title": "BDF parsing vulnerability CVE-2012-5669", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-5669"], "modified": "2017-11-07T20:19:00", "href": "https://support.f5.com/csp/article/K15095307", "id": "F5:K15095307", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2016-09-28T21:03:58", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0216.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "x86_64", "packageFilename": "freetype-2.3.11-14.13.amzn1.x86_64", "packageName": "freetype", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "x86_64", "packageFilename": "freetype-demos-2.3.11-14.13.amzn1.x86_64", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "i686", "packageFilename": "freetype-2.3.11-14.13.amzn1.i686", "packageName": "freetype", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "x86_64", "packageFilename": "freetype-devel-2.3.11-14.13.amzn1.x86_64", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "i686", "packageFilename": "freetype-demos-2.3.11-14.13.amzn1.i686", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "i686", "packageFilename": "freetype-debuginfo-2.3.11-14.13.amzn1.i686", "packageName": "freetype-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "x86_64", "packageFilename": "freetype-debuginfo-2.3.11-14.13.amzn1.x86_64", "packageName": "freetype-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-14.13.amzn1.i686", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-14.13", "arch": "src", "packageFilename": "freetype-2.3.11-14.13.amzn1.src", "packageName": "freetype", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nA flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. ([CVE-2012-5669 __](<https://access.redhat.com/security/cve/CVE-2012-5669>))\n\n \n**Affected Packages:** \n\n\nfreetype\n\n \n**Issue Correction:** \nRun _yum update freetype_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n freetype-devel-2.3.11-14.13.amzn1.i686 \n freetype-debuginfo-2.3.11-14.13.amzn1.i686 \n freetype-2.3.11-14.13.amzn1.i686 \n freetype-demos-2.3.11-14.13.amzn1.i686 \n \n src: \n freetype-2.3.11-14.13.amzn1.src \n \n x86_64: \n freetype-devel-2.3.11-14.13.amzn1.x86_64 \n freetype-2.3.11-14.13.amzn1.x86_64 \n freetype-demos-2.3.11-14.13.amzn1.x86_64 \n freetype-debuginfo-2.3.11-14.13.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2013-02-03T12:34:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "amazon", "title": "Important: freetype", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5669"], "modified": "2014-09-14T17:22:00", "id": "ALAS-2013-150", "href": "https://alas.aws.amazon.com/ALAS-2013-150.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-12T21:10:34", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.2.1-32.el5_9.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "x86_64", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.2.1-32.el5_9.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "src", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "x86_64", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ppc64", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.2.1-32.el5_9.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ppc", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.2.1-32.el5_9.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ppc", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ppc", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ppc64", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ppc", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ppc64", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "s390x", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.2.1-32.el5_9.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "s390", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.2.1-32.el5_9.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "s390", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "s390", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "s390x", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "s390x", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "s390x", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ia64", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.2.1-32.el5_9.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "x86_64", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "x86_64", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ia64", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ia64", "packageName": "freetype", "packageFilename": "freetype-2.2.1-32.el5_9.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ia64", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.3.11-14.el6_3.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "src", "packageName": "freetype", "packageFilename": "freetype-2.3.11-14.el6_3.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "x86_64", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.3.11-14.el6_3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "x86_64", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "x86_64", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageName": "freetype", "packageFilename": "freetype-2.3.11-14.el6_3.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "x86_64", "packageName": "freetype", "packageFilename": "freetype-2.3.11-14.el6_3.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "ppc", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.3.11-14.el6_3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "ppc64", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.3.11-14.el6_3.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "ppc64", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "ppc64", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "ppc", "packageName": "freetype", "packageFilename": "freetype-2.3.11-14.el6_3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "ppc", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "ppc64", "packageName": "freetype", "packageFilename": "freetype-2.3.11-14.el6_3.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "s390x", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.3.11-14.el6_3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "s390", "packageName": "freetype-debuginfo", "packageFilename": "freetype-debuginfo-2.3.11-14.el6_3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "s390x", "packageName": "freetype-demos", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "s390x", "packageName": "freetype", "packageFilename": "freetype-2.3.11-14.el6_3.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "s390", "packageName": "freetype", "packageFilename": "freetype-2.3.11-14.el6_3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "s390", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "s390x", "packageName": "freetype-devel", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.s390x.rpm", "operator": "lt"}], "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nA flaw was found in the way the FreeType font rendering engine processed\ncertain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2012-5669)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.\n", "reporter": "RedHat", "published": "2013-01-31T05:00:00", "type": "redhat", "title": "(RHSA-2013:0216) Important: freetype security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5669"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:05", "id": "RHSA-2013:0216", "href": "https://access.redhat.com/errata/RHSA-2013:0216", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-11-13T10:43:37", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0216.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-2.3.11-14.el6_3.1.src.rpm", "packageName": "freetype", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-2.2.1-32.el5_9.1.src.rpm", "packageName": "freetype", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-2.2.1-32.el5_9.1.x86_64.rpm", "packageName": "freetype", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm", "packageName": "freetype-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype-demos", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.x86_64.rpm", "packageName": "freetype-demos", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.x86_64.rpm", "packageName": "freetype-demos", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype-demos", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "packageFilename": "freetype-2.3.11-14.el6_3.1.x86_64.rpm", "packageName": "freetype", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.x86_64.rpm", "packageName": "freetype-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0216\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nA flaw was found in the way the FreeType font rendering engine processed\ncertain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2012-5669)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019224.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/019217.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0216.html", "edition": 3, "reporter": "CentOS Project", "published": "2013-01-31T21:55:44", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "freetype security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5669"], "modified": "2013-02-01T00:54:19", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/019217.html", "id": "CESA-2013:0216", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:28", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "x86_64", "packageFilename": "freetype-2.3.11-14.el6_3.1.x86_64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ia64", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.ia64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ia64", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.ia64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "x86_64", "packageFilename": "freetype-devel-2.2.1-32.el5_9.1.x86_64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "src", "packageFilename": "freetype-2.3.11-14.el6_3.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "src", "packageFilename": "freetype-2.3.11-14.el6_3.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "x86_64", "packageFilename": "freetype-demos-2.3.11-14.el6_3.1.x86_64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageFilename": "freetype-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageFilename": "freetype-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageFilename": "freetype-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "x86_64", "packageFilename": "freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "src", "packageFilename": "freetype-2.2.1-32.el5_9.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "src", "packageFilename": "freetype-2.2.1-32.el5_9.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "src", "packageFilename": "freetype-2.2.1-32.el5_9.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "i386", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.i386.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "x86_64", "packageFilename": "freetype-2.2.1-32.el5_9.1.x86_64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "x86_64", "packageFilename": "freetype-demos-2.2.1-32.el5_9.1.x86_64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.2.1-32.el5_9.1", "arch": "ia64", "packageFilename": "freetype-2.2.1-32.el5_9.1.ia64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageFilename": "freetype-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-14.el6_3.1", "arch": "i686", "packageFilename": "freetype-2.3.11-14.el6_3.1.i686.rpm", "packageName": "freetype", "operator": "lt"}], "description": "[2.3.11-14.el6_3.1]\n- Fix CVE-2012-5669\n (Use correct array size for checking 'glyph_enc')\n- Resolves: #903542\n[2.3.11-14]\n- A little change in configure part\n- Related: #723468\n[2.3.11-13]\n- Fix CVE-2012-{1126, 1127, 1130, 1131, 1132, 1134, 1136,\n 1137, 1139, 1140, 1141, 1142, 1143, 1144}\n- Properly initialize array 'result' in\n FT_Outline_Get_Orientation()\n- Check bytes per row for overflow in _bdf_parse_glyphs()\n- Resolves: #806269\n[2.3.11-12]\n- Add freetype-2.3.11-CVE-2011-3439.patch\n (Various loading fixes.)\n- Resolves: #754012\n[2.3.11-11]\n- Add freetype-2.3.11-CVE-2011-3256.patch\n (Handle some border cases.)\n- Resolves: #747084\n[2.3.11-10]\n- Use -fno-strict-aliasing instead of __attribute__((__may_alias__))\n- Resolves: #723468\n[2.3.11-9]\n- Allow FT_Glyph to alias (to pass Rpmdiff)\n- Resolves: #723468\n[2.3.11-8]\n- Add freetype-2.3.11-CVE-2011-0226.patch\n (Add better argument check for 'callothersubr'.)\n - based on patches by Werner Lemberg,\n Alexei Podtelezhnikov and Matthias Drochner\n- Resolves: #723468\n[2.3.11-7]\n- Add freetype-2.3.11-CVE-2010-3855.patch\n (Protect against invalid 'runcnt' values.)\n- Resolves: #651762", "edition": 3, "reporter": "Oracle", "published": "2013-01-31T00:00:00", "title": "freetype security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-3256", "CVE-2011-0226", "CVE-2012-5669", "CVE-2010-3855", "CVE-2011-3439"], "modified": "2013-01-31T00:00:00", "id": "ELSA-2013-0216", "href": "http://linux.oracle.com/errata/ELSA-2013-0216.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:12", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "x86_64", "packageFilename": "freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "src", "packageFilename": "freetype-2.3.11-15.el6_6.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "src", "packageFilename": "freetype-2.3.11-15.el6_6.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "src", "packageFilename": "freetype-2.4.11-10.el7_1.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "i686", "packageFilename": "freetype-devel-2.4.11-10.el7_1.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "x86_64", "packageFilename": "freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "x86_64", "packageFilename": "freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "x86_64", "packageFilename": "freetype-2.3.11-15.el6_6.1.x86_64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "x86_64", "packageFilename": "freetype-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-demos-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "x86_64", "packageFilename": "freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "i686", "packageFilename": "freetype-2.4.11-10.el7_1.1.i686.rpm", "packageName": "freetype", "operator": "lt"}], "description": "[2.3.11-15.el6_6.1]\n- Fixes CVE-2014-9657\n - Check minimum size of record_size.\n- Fixes CVE-2014-9658\n - Use correct value for minimum table length test.\n- Fixes CVE-2014-9675\n - New macro that checks one character more than strncmp.\n- Fixes CVE-2014-9660\n - Check _BDF_GLYPH_BITS.\n- Fixes CVE-2014-9661\n - Initialize face->ttf_size.\n - Always set face->ttf_size directly.\n - Exclusively use the truetype font driver for loading\n the font contained in the sfnts array.\n- Fixes CVE-2014-9663\n - Fix order of validity tests.\n- Fixes CVE-2014-9664\n - Add another boundary testing.\n - Fix boundary testing.\n- Fixes CVE-2014-9667\n - Protect against addition overflow.\n- Fixes CVE-2014-9669\n - Protect against overflow in additions and multiplications.\n- Fixes CVE-2014-9670\n - Add sanity checks for row and column values.\n- Fixes CVE-2014-9671\n - Check size and offset values.\n- Fixes CVE-2014-9673\n - Fix integer overflow by a broken POST table in resource-fork.\n- Fixes CVE-2014-9674\n - Fix integer overflow by a broken POST table in resource-fork.\n - Additional overflow check in the summation of POST fragment lengths.\n- Work around behaviour of X11s pcfWriteFont and pcfReadFont functions\n- Resolves: #1197737\n[2.3.11-15]\n- Fix CVE-2012-5669\n (Use correct array size for checking glyph_enc)\n- Resolves: #903543", "edition": 3, "reporter": "Oracle", "published": "2015-03-17T00:00:00", "title": "freetype security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2012-5669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-03-17T00:00:00", "id": "ELSA-2015-0696", "href": "http://linux.oracle.com/errata/ELSA-2015-0696.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}