Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-42.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : freetype2 (openSUSE-SU-2013:0177-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.2%
-
new license string.
-
BNC#795826, CVE-2012-5668.patch
-
BNC#795826, CVE-2012-5669.patch [bdf] Fix Savannah bug #37906.
-
src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for checking `glyph_enc’.
-
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-42.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75003);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-5668", "CVE-2012-5669");
script_name(english:"openSUSE Security Update : freetype2 (openSUSE-SU-2013:0177-1)");
script_summary(english:"Check for the openSUSE-2013-42 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - new license string.
- BNC#795826, CVE-2012-5668.patch
- BNC#795826, CVE-2012-5669.patch [bdf] Fix Savannah bug
#37906.
- src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array
size for checking `glyph_enc'."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2013-01/msg00068.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected freetype2 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
script_set_attribute(attribute:"patch_publication_date", value:"2013/01/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.1", reference:"freetype2-debugsource-2.4.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"freetype2-devel-2.4.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libfreetype6-2.4.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libfreetype6-debuginfo-2.4.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"freetype2-devel-32bit-2.4.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreetype6-32bit-2.4.7-9.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreetype6-debuginfo-32bit-2.4.7-9.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | freetype2-debugsource | p-cpe:/a:novell:opensuse:freetype2-debugsource |
| novell | opensuse | freetype2-devel | p-cpe:/a:novell:opensuse:freetype2-devel |
| novell | opensuse | freetype2-devel-32bit | p-cpe:/a:novell:opensuse:freetype2-devel-32bit |
| novell | opensuse | libfreetype6 | p-cpe:/a:novell:opensuse:libfreetype6 |
| novell | opensuse | libfreetype6-32bit | p-cpe:/a:novell:opensuse:libfreetype6-32bit |
| novell | opensuse | libfreetype6-debuginfo | p-cpe:/a:novell:opensuse:libfreetype6-debuginfo |
| novell | opensuse | libfreetype6-debuginfo-32bit | p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit |
| novell | opensuse | 12.1 | cpe:/o:novell:opensuse:12.1 |
Related
nessus
nessus
Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:006)
2013-02-09 00:00:00
SuSE 11.2 Security Update : freetype2 (SAT Patch Number 7232)
2013-01-25 00:00:00
GLSA-201402-16 : FreeType: Multiple vulnerabilities
2014-02-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:0195-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-1686-1)
2013-01-15 00:00:00
Slackware: Security Advisory (SSA:2013-015-01)
2022-04-21 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2014-02-11 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2013-01-14 00:00:00
securityvulns
securityvulns
[USN-1686-1] FreeType vulnerabilities
2013-01-14 00:00:00
FreeType security vulnerabilities
2013-01-14 00:00:00
slackware
slackware
freetype
2013-01-15 20:21:38
debian
debian
[BSA-078] Security Update for freetype
2013-01-09 06:28:35
ubuntucve
ubuntucve
CVE-2012-5668
2012-12-31 00:00:00
CVE-2012-5669
2012-12-31 00:00:00
prion
prion
Null pointer dereference
2013-01-24 21:55:00
Out-of-bounds
2013-01-24 21:55:00
debiancve
debiancve
CVE-2012-5668
2013-01-24 21:55:01
CVE-2012-5669
2013-01-24 21:55:01
nvd
nvd
CVE-2012-5668
2013-01-24 21:55:01
CVE-2012-5669
2013-01-24 21:55:01
cve
cve
CVE-2012-5668
2013-01-24 21:55:01
CVE-2012-5669
2013-01-24 21:55:01
cvelist
cvelist
CVE-2012-5668
2013-01-24 21:00:00
CVE-2012-5669
2013-01-24 21:00:00
redhat
redhat
(RHSA-2013:0216) Important: freetype security update
2013-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: freetype-2.4.10-3.fc18
2013-02-05 02:57:50
[SECURITY] Fedora 17 Update: freetype-2.4.8-4.fc17
2013-02-12 05:14:15
amazon
amazon
Important: freetype
2013-02-03 12:34:00
centos
centos
freetype security update
2013-01-31 21:55:44
f5
f5
SOL15095307 - BDF parsing vulnerability CVE-2012-5669
2016-02-01 00:00:00
K15095307 : BDF parsing vulnerability CVE-2012-5669
2016-02-02 00:00:00
veracode
veracode
Denial Of Service (Dos)
2019-01-15 08:55:06
oraclelinux
oraclelinux
freetype security update
2013-01-31 00:00:00
freetype security update
2015-03-17 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.2%
Related for OPENSUSE-2013-42.NASL