Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0578.NASL
HistoryAug 02, 2010 - 12:00 a.m.

RHEL 4 / 5 : freetype (RHSA-2010:0578)

2010-08-0200:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.

An invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)

An integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)

Several buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)

Several buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)

Red Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.

Note: All of the issues in this erratum only affect the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2010:0578. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(48212);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541");
  script_bugtraq_id(60740, 60750);
  script_xref(name:"RHSA", value:"2010:0578");

  script_name(english:"RHEL 4 / 5 : freetype (RHSA-2010:0578)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

FreeType is a free, high-quality, portable font engine that can open
and manage font files. It also loads, hints, and renders individual
glyphs efficiently. The freetype packages for Red Hat Enterprise Linux
4 provide both the FreeType 1 and FreeType 2 font engines. The
freetype packages for Red Hat Enterprise Linux 5 provide only the
FreeType 2 font engine.

An invalid memory management flaw was found in the way the FreeType
font engine processed font files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause
the application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2010-2498)

An integer overflow flaw was found in the way the FreeType font engine
processed font files. If a user loaded a carefully-crafted font file
with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2010-2500)

Several buffer overflow flaws were found in the way the FreeType font
engine processed font files. If a user loaded a carefully-crafted font
file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2010-2499,
CVE-2010-2519)

Several buffer overflow flaws were found in the FreeType demo
applications. If a user loaded a carefully-crafted font file with a
demo application, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-2527, CVE-2010-2541)

Red Hat would like to thank Robert Swiecki of the Google Security Team
for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,
CVE-2010-2519, and CVE-2010-2527 issues.

Note: All of the issues in this erratum only affect the FreeType 2
font engine.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be
restarted (log out, then log back in) for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2498"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2499"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2500"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2010:0578"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freetype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freetype-demos");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freetype-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freetype-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2010:0578";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"freetype-2.1.9-14.el4.8")) flag++;

  if (rpm_check(release:"RHEL4", reference:"freetype-demos-2.1.9-14.el4.8")) flag++;

  if (rpm_check(release:"RHEL4", reference:"freetype-devel-2.1.9-14.el4.8")) flag++;

  if (rpm_check(release:"RHEL4", reference:"freetype-utils-2.1.9-14.el4.8")) flag++;


  if (rpm_check(release:"RHEL5", reference:"freetype-2.2.1-25.el5_5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freetype-demos-2.2.1-25.el5_5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freetype-demos-2.2.1-25.el5_5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freetype-demos-2.2.1-25.el5_5")) flag++;

  if (rpm_check(release:"RHEL5", reference:"freetype-devel-2.2.1-25.el5_5")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype / freetype-demos / freetype-devel / freetype-utils");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxfreetypep-cpe:/a:redhat:enterprise_linux:freetype
redhatenterprise_linuxfreetype-demosp-cpe:/a:redhat:enterprise_linux:freetype-demos
redhatenterprise_linuxfreetype-develp-cpe:/a:redhat:enterprise_linux:freetype-devel
redhatenterprise_linuxfreetype-utilsp-cpe:/a:redhat:enterprise_linux:freetype-utils
redhatenterprise_linux4cpe:/o:redhat:enterprise_linux:4
redhatenterprise_linux4.8cpe:/o:redhat:enterprise_linux:4.8
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5

Related

openvas 33
nessus 27
oraclelinux 2
centos 2
redhat 3
ubuntu 2
n0where 1
debian 3
securityvulns 4
fedora 4
gentoo 1
ubuntucve 6
prion 6
veracode 6
cve 6
debiancve 6
suse 1
osv 1
openvas
openvas
RedHat Update for freetype RHSA-2010:0578-01
2010-08-02 00:00:00
CentOS Update for freetype CESA-2010:0578 centos5 i386
2011-08-09 00:00:00
CentOS Update for freetype CESA-2010:0578 centos5 i386
2011-08-09 00:00:00
nessus
nessus
CentOS 4 / 5 : freetype (CESA-2010:0578)
2010-08-03 00:00:00
Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)
2013-07-12 00:00:00
Scientific Linux Security Update : freetype for SL4 , SL5
2012-08-01 00:00:00
oraclelinux
oraclelinux
freetype security update
2010-07-30 00:00:00
freetype security update
2010-07-30 00:00:00
centos
centos
freetype security update
2010-08-03 00:36:19
freetype security update
2010-08-16 21:19:51
redhat
redhat
(RHSA-2010:0578) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0577) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update
2010-08-19 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2010-07-20 00:00:00
FreeType vulnerabilities
2010-08-17 00:00:00
n0where
n0where
General Purpose Fuzzing: Honggfuzz
2015-06-05 15:50:13
debian
debian
[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities
2010-07-14 20:04:45
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
securityvulns
securityvulns
[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities
2010-07-16 00:00:00
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
[USN-972-1] FreeType vulnerabilities
2010-08-19 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
[SECURITY] Fedora 12 Update: freetype-2.3.11-7.fc12
2010-11-21 21:56:42
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2010-2541
2010-08-12 00:00:00
CVE-2010-2527
2010-07-20 00:00:00
CVE-2010-2500
2010-07-20 00:00:00
prion
prion
Buffer overflow
2010-08-19 18:00:00
Buffer overflow
2010-08-19 18:00:00
Integer overflow
2010-08-19 18:00:00
veracode
veracode
Buffer Overflow
2020-04-10 00:49:48
Arbitrary Code Execution
2020-04-10 00:49:49
Arbitrary Code Execution
2020-04-10 00:49:49
cve
cve
CVE-2010-2527
2010-08-19 18:00:00
CVE-2010-2498
2010-08-19 18:00:00
CVE-2010-2541
2010-08-19 18:00:00
debiancve
debiancve
CVE-2010-2499
2010-08-19 18:00:00
CVE-2010-2541
2010-08-19 18:00:00
CVE-2010-2500
2010-08-19 18:00:00
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18
osv
osv
freetype - several vulnerabilities
2010-09-07 00:00:00
JSON
Related for REDHAT-RHSA-2010-0578.NASL
openvas33nessus27oraclelinux2centos2redhat3ubuntu2n0where1debian3securityvulns4fedora4gentoo1ubuntucve6prion6veracode6cve6debiancve6suse1osv1