Search...

SuSE9 Security Update : freetype2 (YOU Patch Number 12656)

2010-10-11T00:00:00

ID SUSE9_12656.NASL
Type nessus
Reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
Modified 2020-06-02T00:00:00

Description

When loading specially crafted font files applications linked against freetype2 could crash or potentially even execute arbitrary code (CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.

                                        
                                            #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL &lt; 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(49823);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:37");

  script_cve_id("CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3311");

  script_name(english:"SuSE9 Security Update : freetype2 (YOU Patch Number 12656)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"When loading specially crafted font files applications linked against
freetype2 could crash or potentially even execute arbitrary code
(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3053.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3054.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3311.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12656.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu &gt;!&lt; "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SUSE9", reference:"freetype2-2.1.7-53.25")) flag++;
if (rpm_check(release:"SUSE9", reference:"freetype2-devel-2.1.7-53.25")) flag++;
if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"freetype2-32bit-9-201010062114")) flag++;
if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"freetype2-devel-32bit-9-201010062114")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");

JSON Vulners Source

Initial Source

{"id": "SUSE9_12656.NASL", "bulletinFamily": "scanner", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12656)", "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.", "published": "2010-10-11T00:00:00", "modified": "2020-06-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/49823", "reporter": "This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2010-3311.html", "http://support.novell.com/security/cve/CVE-2010-3053.html", "http://support.novell.com/security/cve/CVE-2010-3054.html"], "cvelist": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "type": "nessus", "lastseen": "2020-06-01T04:20:30", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:suse:suse_linux"], "cvelist": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:11:07", "references": [{"idList": ["USN-1013-1"], "type": "ubuntu"}, {"idList": ["SUSE-SU-2012:0553-1"], "type": "suse"}, {"idList": ["SECURITYVULNS:VULN:11001", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:DOC:24855"], "type": "securityvulns"}, {"idList": ["RHSA-2010:0864", "RHSA-2010:0736", "RHSA-2010:0737"], "type": "redhat"}, {"idList": ["ELSA-2010-0737", "ELSA-2010-0736", "ELSA-2010-0889"], "type": "oraclelinux"}, {"idList": ["SUSE_11_2_FREETYPE2-101013.NASL", "SUSE_11_1_FREETYPE2-101013.NASL", "REDHAT-RHSA-2010-0737.NASL", "SUSE_FREETYPE2-7168.NASL", "REDHAT-RHSA-2010-0736.NASL", "ORACLELINUX_ELSA-2010-0736.NASL", "ORACLELINUX_ELSA-2010-0737.NASL", "SUSE_11_FREETYPE2-100927.NASL", "SUSE_11_3_FREETYPE2-101013.NASL", "CENTOS_RHSA-2010-0736.NASL"], "type": "nessus"}, {"idList": ["GLSA-201201-09"], "type": "gentoo"}, {"idList": ["CESA-2010:0737", "CESA-2010:0736"], "type": "centos"}, {"idList": ["OPENVAS:1361412562310880435", "OPENVAS:870339", "OPENVAS:1361412562310870330", "OPENVAS:870330", "OPENVAS:880433", "OPENVAS:880564", "OPENVAS:1361412562310122314", "OPENVAS:880435", "OPENVAS:1361412562310880564", "OPENVAS:1361412562310880433"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2116-1:79D65", "DEBIAN:DSA-2105-1:33FFA"], "type": "debian"}, {"idList": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "type": "cve"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "41d6876fea8095fb46e412c10355c5b1a8669222a4bf70a642e916fe57aa484a", "hashmap": [{"hash": "5089ec9f9848668bbb6f5a90395a6753", "key": "references"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "90580119145df110c3e28d59dc37bcd3", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ba6ad3b38f39b2c1b193e55e01b2e92d", "key": "published"}, {"hash": "985046f79a84f4c3f0645f43fdfd1dde", "key": "pluginID"}, {"hash": "896ab6846e3e0bf59cc1d9e9204b74dd", "key": "href"}, {"hash": "3ba7943c52e549aa2256a208d2308d00", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3138d89b276fab4c175caf5f2b1e5bfc", "key": "cpe"}, {"hash": "83450edf546236d130188bf08c3442a3", "key": "sourceData"}, {"hash": "fd2417d37fdccae7496ebe397ccf0ac2", "key": "description"}, {"hash": "7b7d6ad1b7fa938cdb344b580af03498", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=49823", "id": "SUSE9_12656.NASL", "lastseen": "2019-01-16T20:11:07", "modified": "2012-04-23T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "49823", "published": "2010-10-11T00:00:00", "references": ["http://support.novell.com/security/cve/CVE-2010-3311.html", "http://support.novell.com/security/cve/CVE-2010-3053.html", "http://support.novell.com/security/cve/CVE-2010-3054.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49823);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:21:33 $\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201010062114\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201010062114\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12656)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:11:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "When loading specially crafted font files applications linked against freetype2 could crash or potentially even execute arbitrary code (CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.", "edition": 1, "enchantments": {}, "hash": "293c625c147e2c528bb8e4f2583d5b9286dbc9aa686294248d01c8770528a2cc", "hashmap": [{"hash": "5089ec9f9848668bbb6f5a90395a6753", "key": "references"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "da0a080cfc394ab82a8e0c823e05fff3", "key": "description"}, {"hash": "90580119145df110c3e28d59dc37bcd3", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ba6ad3b38f39b2c1b193e55e01b2e92d", "key": "published"}, {"hash": "985046f79a84f4c3f0645f43fdfd1dde", "key": "pluginID"}, {"hash": "896ab6846e3e0bf59cc1d9e9204b74dd", "key": "href"}, {"hash": "3ba7943c52e549aa2256a208d2308d00", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "83450edf546236d130188bf08c3442a3", "key": "sourceData"}, {"hash": "7b7d6ad1b7fa938cdb344b580af03498", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=49823", "id": "SUSE9_12656.NASL", "lastseen": "2016-09-26T17:24:43", "modified": "2012-04-23T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "49823", "published": "2010-10-11T00:00:00", "references": ["http://support.novell.com/security/cve/CVE-2010-3311.html", "http://support.novell.com/security/cve/CVE-2010-3053.html", "http://support.novell.com/security/cve/CVE-2010-3054.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49823);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:21:33 $\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201010062114\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201010062114\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12656)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:43"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:suse:suse_linux"], "cvelist": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "When loading specially crafted font files applications linked against freetype2 could crash or potentially even execute arbitrary code (CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4935f0cd84a0f5965583dc31bd4e9536a842ae76fd3dbc99422a5b2eaf24f6a6", "hashmap": [{"hash": "5089ec9f9848668bbb6f5a90395a6753", "key": "references"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "da0a080cfc394ab82a8e0c823e05fff3", "key": "description"}, {"hash": "90580119145df110c3e28d59dc37bcd3", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ba6ad3b38f39b2c1b193e55e01b2e92d", "key": "published"}, {"hash": "985046f79a84f4c3f0645f43fdfd1dde", "key": "pluginID"}, {"hash": "896ab6846e3e0bf59cc1d9e9204b74dd", "key": "href"}, {"hash": "3ba7943c52e549aa2256a208d2308d00", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3138d89b276fab4c175caf5f2b1e5bfc", "key": "cpe"}, {"hash": "83450edf546236d130188bf08c3442a3", "key": "sourceData"}, {"hash": "7b7d6ad1b7fa938cdb344b580af03498", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=49823", "id": "SUSE9_12656.NASL", "lastseen": "2017-10-29T13:38:34", "modified": "2012-04-23T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "49823", "published": "2010-10-11T00:00:00", "references": ["http://support.novell.com/security/cve/CVE-2010-3311.html", "http://support.novell.com/security/cve/CVE-2010-3053.html", "http://support.novell.com/security/cve/CVE-2010-3054.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49823);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:21:33 $\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201010062114\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201010062114\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12656)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:38:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:suse:suse_linux"], "cvelist": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss3": {}, "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.", "edition": 12, "enchantments": {"dependencies": {"modified": "2020-03-18T02:53:06", "references": [{"idList": ["USN-1013-1"], "type": "ubuntu"}, {"idList": ["SUSE-SU-2012:0553-1"], "type": "suse"}, {"idList": ["SECURITYVULNS:VULN:11001", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:DOC:24855"], "type": "securityvulns"}, {"idList": ["RHSA-2010:0864", "RHSA-2010:0736", "RHSA-2010:0737"], "type": "redhat"}, {"idList": ["ELSA-2010-0737", "ELSA-2010-0736", "ELSA-2010-0889"], "type": "oraclelinux"}, {"idList": ["SUSE_11_2_FREETYPE2-101013.NASL", "SUSE_11_1_FREETYPE2-101013.NASL", "REDHAT-RHSA-2010-0737.NASL", "SUSE_FREETYPE2-7168.NASL", "REDHAT-RHSA-2010-0736.NASL", "ORACLELINUX_ELSA-2010-0736.NASL", "ORACLELINUX_ELSA-2010-0737.NASL", "SUSE_11_FREETYPE2-100927.NASL", "SUSE_11_3_FREETYPE2-101013.NASL", "CENTOS_RHSA-2010-0736.NASL"], "type": "nessus"}, {"idList": ["GLSA-201201-09"], "type": "gentoo"}, {"idList": ["CESA-2010:0737", "CESA-2010:0736"], "type": "centos"}, {"idList": ["DEBIAN:DSA-2116-1:79D65", "DEBIAN:DSA-2105-1:33FFA"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310880435", "OPENVAS:1361412562310870339", "OPENVAS:870339", "OPENVAS:1361412562310870330", "OPENVAS:870330", "OPENVAS:880433", "OPENVAS:1361412562310122314", "OPENVAS:880435", "OPENVAS:1361412562310880564", "OPENVAS:1361412562310880433"], "type": "openvas"}, {"idList": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "type": "cve"}]}, "score": {"modified": "2020-03-18T02:53:06", "value": 8.3, "vector": "NONE"}}, "hash": "7de2dcf69988fa1493f04c326f8a2ffc3b29f025a829cfb1627b433294c8576a", "hashmap": [{"hash": "50f0bde0ec7e4b35bc17db0cac14fd99", "key": "href"}, {"hash": "af24fd3fdacb4d500ae9d1e724743016", "key": "modified"}, {"hash": "5089ec9f9848668bbb6f5a90395a6753", "key": "references"}, {"hash": "ca9660d9a885d3bf3cdca5c518e51864", "key": "reporter"}, {"hash": "ba6ad3b38f39b2c1b193e55e01b2e92d", "key": "published"}, {"hash": "985046f79a84f4c3f0645f43fdfd1dde", "key": "pluginID"}, {"hash": "d726e774add6189e33cf2ea0c61a2ba5", "key": "cvss"}, {"hash": "3ba7943c52e549aa2256a208d2308d00", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3138d89b276fab4c175caf5f2b1e5bfc", "key": "cpe"}, {"hash": "fd2417d37fdccae7496ebe397ccf0ac2", "key": "description"}, {"hash": "7b7d6ad1b7fa938cdb344b580af03498", "key": "title"}, {"hash": "df9c2c40946c8601185967abe3d68eed", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/49823", "id": "SUSE9_12656.NASL", "lastseen": "2020-03-18T02:53:06", "modified": "2020-03-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "49823", "published": "2010-10-11T00:00:00", "references": ["http://support.novell.com/security/cve/CVE-2010-3311.html", "http://support.novell.com/security/cve/CVE-2010-3053.html", "http://support.novell.com/security/cve/CVE-2010-3054.html"], "reporter": "This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49823);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201010062114\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201010062114\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12656)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 12, "lastseen": "2020-03-18T02:53:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:suse:suse_linux"], "cvelist": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss3": {}, "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.", "edition": 14, "enchantments": {"dependencies": {"modified": "2020-05-01T02:37:33", "references": [{"idList": ["USN-1013-1"], "type": "ubuntu"}, {"idList": ["SUSE-SU-2012:0553-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310880435", "OPENVAS:1361412562310870339", "OPENVAS:870339", "OPENVAS:1361412562310870330", "OPENVAS:870330", "OPENVAS:880433", "OPENVAS:880564", "OPENVAS:1361412562310122314", "OPENVAS:880435", "OPENVAS:1361412562310880433"], "type": "openvas"}, {"idList": ["SECURITYVULNS:VULN:11001", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:DOC:24855"], "type": "securityvulns"}, {"idList": ["RHSA-2010:0864", "RHSA-2010:0736", "RHSA-2010:0737"], "type": "redhat"}, {"idList": ["ELSA-2010-0737", "ELSA-2010-0736", "ELSA-2010-0889"], "type": "oraclelinux"}, {"idList": ["GLSA-201201-09"], "type": "gentoo"}, {"idList": ["CESA-2010:0737", "CESA-2010:0736"], "type": "centos"}, {"idList": ["DEBIAN:DSA-2116-1:79D65", "DEBIAN:DSA-2105-1:33FFA"], "type": "debian"}, {"idList": ["CVE-2010-3053", "CVE-2010-3311", "CVE-2010-3054"], "type": "cve"}, {"idList": ["SUSE_11_2_FREETYPE2-101013.NASL", "SUSE_11_1_FREETYPE2-101013.NASL", "CENTOS_RHSA-2010-0737.NASL", "REDHAT-RHSA-2010-0737.NASL", "SUSE_FREETYPE2-7168.NASL", "REDHAT-RHSA-2010-0736.NASL", "ORACLELINUX_ELSA-2010-0736.NASL", "SUSE_11_FREETYPE2-100927.NASL", "SUSE_11_3_FREETYPE2-101013.NASL", "CENTOS_RHSA-2010-0736.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-05-01T02:37:33", "rev": 2, "value": 8.3, "vector": "NONE"}}, "hash": "e06d7e958086deb62c20db383913fc8b83c513f3f72413e3a0969cc3af9b2998", "hashmap": [{"hash": "50f0bde0ec7e4b35bc17db0cac14fd99", "key": "href"}, {"hash": "5089ec9f9848668bbb6f5a90395a6753", "key": "references"}, {"hash": "ca9660d9a885d3bf3cdca5c518e51864", "key": "reporter"}, {"hash": "e4757e4aab0a377bb88b128421c866e9", "key": "modified"}, {"hash": "ba6ad3b38f39b2c1b193e55e01b2e92d", "key": "published"}, {"hash": "985046f79a84f4c3f0645f43fdfd1dde", "key": "pluginID"}, {"hash": "d726e774add6189e33cf2ea0c61a2ba5", "key": "cvss"}, {"hash": "3ba7943c52e549aa2256a208d2308d00", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3138d89b276fab4c175caf5f2b1e5bfc", "key": "cpe"}, {"hash": "fd2417d37fdccae7496ebe397ccf0ac2", "key": "description"}, {"hash": "7b7d6ad1b7fa938cdb344b580af03498", "key": "title"}, {"hash": "df9c2c40946c8601185967abe3d68eed", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/49823", "id": "SUSE9_12656.NASL", "lastseen": "2020-05-01T02:37:33", "modified": "2020-05-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "49823", "published": "2010-10-11T00:00:00", "references": ["http://support.novell.com/security/cve/CVE-2010-3311.html", "http://support.novell.com/security/cve/CVE-2010-3053.html", "http://support.novell.com/security/cve/CVE-2010-3054.html"], "reporter": "This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49823);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201010062114\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201010062114\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12656)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 14, "lastseen": "2020-05-01T02:37:33"}], "edition": 15, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "3138d89b276fab4c175caf5f2b1e5bfc"}, {"key": "cvelist", "hash": "3ba7943c52e549aa2256a208d2308d00"}, {"key": "cvss", "hash": "d726e774add6189e33cf2ea0c61a2ba5"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "fd2417d37fdccae7496ebe397ccf0ac2"}, {"key": "href", "hash": "50f0bde0ec7e4b35bc17db0cac14fd99"}, {"key": "modified", "hash": "e9aa050b267927c86b4be5213ddafcaa"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "985046f79a84f4c3f0645f43fdfd1dde"}, {"key": "published", "hash": "ba6ad3b38f39b2c1b193e55e01b2e92d"}, {"key": "references", "hash": "5089ec9f9848668bbb6f5a90395a6753"}, {"key": "reporter", "hash": "ca9660d9a885d3bf3cdca5c518e51864"}, {"key": "sourceData", "hash": "df9c2c40946c8601185967abe3d68eed"}, {"key": "title", "hash": "7b7d6ad1b7fa938cdb344b580af03498"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8ad426b2f01181230efdfdafca30aff61189aae50dcf7fb039327b33d7e0bb56", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3311", "CVE-2010-3053", "CVE-2010-3054"]}, {"type": "nessus", "idList": ["SUSE_11_2_FREETYPE2-101013.NASL", "REDHAT-RHSA-2010-0736.NASL", "SUSE_11_FREETYPE2-100927.NASL", "REDHAT-RHSA-2010-0737.NASL", "CENTOS_RHSA-2010-0736.NASL", "SUSE_11_1_FREETYPE2-101013.NASL", "SUSE_FREETYPE2-7168.NASL", "SL_20101004_FREETYPE_ON_SL3_X.NASL", "ORACLELINUX_ELSA-2010-0736.NASL", "SUSE_11_3_FREETYPE2-101013.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0864", "RHSA-2010:0737", "RHSA-2010:0736"]}, {"type": "centos", "idList": ["CESA-2010:0736", "CESA-2010:0737"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122314", "OPENVAS:880433", "OPENVAS:1361412562310880435", "OPENVAS:1361412562310880564", "OPENVAS:870330", "OPENVAS:1361412562310870330", "OPENVAS:880435", "OPENVAS:1361412562310880433", "OPENVAS:1361412562310870339", "OPENVAS:880564"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0736", "ELSA-2010-0737", "ELSA-2010-0889"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2116-1:79D65", "DEBIAN:DSA-2105-1:33FFA"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24855", "SECURITYVULNS:VULN:11001", "SECURITYVULNS:DOC:25153"]}, {"type": "ubuntu", "idList": ["USN-1013-1"]}, {"type": "gentoo", "idList": ["GLSA-201201-09"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0553-1"]}], "modified": "2020-06-01T04:20:30", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2020-06-01T04:20:30", "rev": 2}, "vulnersScore": 8.3}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49823);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE9 Security Update : freetype2 (YOU Patch Number 12656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freetype2-devel-2.1.7-53.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-32bit-9-201010062114\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-9-201010062114\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "49823", "cpe": ["cpe:/o:suse:suse_linux"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:10:30", "bulletinFamily": "NVD", "description": "Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797.", "modified": "2012-12-19T04:30:00", "id": "CVE-2010-3311", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3311", "published": "2011-01-07T23:00:00", "title": "CVE-2010-3311", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:10:29", "bulletinFamily": "NVD", "description": "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.", "modified": "2012-12-19T04:30:00", "id": "CVE-2010-3053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3053", "published": "2010-08-19T18:00:00", "title": "CVE-2010-3053", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:10:29", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.", "modified": "2012-12-19T04:30:00", "id": "CVE-2010-3054", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3054", "published": "2010-08-19T18:00:00", "title": "CVE-2010-3054", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-06-01T04:21:18", "bulletinFamily": "scanner", "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311 / CVE-2010-3053 / CVE-2010-3054). This has been fixed.", "modified": "2020-06-02T00:00:00", "id": "SUSE_11_FREETYPE2-100927.NASL", "href": "https://www.tenable.com/plugins/nessus/50906", "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 3202 / 3203)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50906);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 3202 / 3203)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311 / CVE-2010-3053 / CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3202 / 3203 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"freetype2-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"freetype2-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"freetype2-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:20:50", "bulletinFamily": "scanner", "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054).", "modified": "2020-06-02T00:00:00", "id": "SUSE_11_2_FREETYPE2-101013.NASL", "href": "https://www.tenable.com/plugins/nessus/49994", "published": "2010-10-15T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freetype2-3322.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49994);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)\");\n script_summary(english:\"Check for the freetype2-3322 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"freetype2-2.3.9-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"freetype2-devel-2.3.9-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.9-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.3.9-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2 / freetype2-32bit / freetype2-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:46:30", "bulletinFamily": "scanner", "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311 / CVE-2010-3053 / CVE-2010-3054). This has been fixed.", "modified": "2020-06-02T00:00:00", "id": "SUSE_FREETYPE2-7168.NASL", "href": "https://www.tenable.com/plugins/nessus/49855", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7168)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49855);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:40\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7168)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311 / CVE-2010-3053 / CVE-2010-3054). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3054.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7168.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"freetype2-2.1.10-18.23.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"freetype2-devel-2.1.10-18.23.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.23.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.23.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freetype2-2.1.10-18.23.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freetype2-devel-2.1.10-18.23.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.23.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:20:56", "bulletinFamily": "scanner", "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054).", "modified": "2020-06-02T00:00:00", "id": "SUSE_11_3_FREETYPE2-101013.NASL", "href": "https://www.tenable.com/plugins/nessus/75504", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freetype2-3322.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75504);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)\");\n script_summary(english:\"Check for the freetype2-3322 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"freetype2-devel-2.3.12-7.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libfreetype6-2.3.12-7.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.3.12-7.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.3.12-7.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-devel / freetype2-devel-32bit / libfreetype6 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:20:42", "bulletinFamily": "scanner", "description": "When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054).", "modified": "2020-06-02T00:00:00", "id": "SUSE_11_1_FREETYPE2-101013.NASL", "href": "https://www.tenable.com/plugins/nessus/49993", "published": "2010-10-15T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freetype2-3322.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49993);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2010-3053\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)\");\n script_summary(english:\"Check for the freetype2-3322 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When loading specially crafted font files applications linked against\nfreetype2 could crash or potentially even execute arbitrary code\n(CVE-2010-3311, CVE-2010-3053, CVE-2010-3054).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"freetype2-2.3.7-24.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"freetype2-devel-2.3.7-24.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-24.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.3.7-24.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2 / freetype2-32bit / freetype2-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T01:03:01", "bulletinFamily": "scanner", "description": "Updated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2020-06-02T00:00:00", "id": "CENTOS_RHSA-2010-0736.NASL", "href": "https://www.tenable.com/plugins/nessus/49715", "published": "2010-10-06T00:00:00", "title": "CentOS 3 : freetype (CESA-2010:0736)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0736 and \n# CentOS Errata and Security Advisory 2010:0736 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49715);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0736\");\n\n script_name(english:\"CentOS 3 : freetype (CESA-2010:0736)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017037.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1aeb6a9c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017038.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?156942a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-demos-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-utils-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.4-18.el3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T03:37:22", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0736 :\n\nUpdated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2020-06-02T00:00:00", "id": "ORACLELINUX_ELSA-2010-0736.NASL", "href": "https://www.tenable.com/plugins/nessus/68107", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 : freetype (ELSA-2010-0736)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0736 and \n# Oracle Linux Security Advisory ELSA-2010-0736 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68107);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0736\");\n\n script_name(english:\"Oracle Linux 3 : freetype (ELSA-2010-0736)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0736 :\n\nUpdated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001667.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T03:48:03", "bulletinFamily": "scanner", "description": "Updated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2020-06-02T00:00:00", "id": "REDHAT-RHSA-2010-0736.NASL", "href": "https://www.tenable.com/plugins/nessus/49748", "published": "2010-10-06T00:00:00", "title": "RHEL 3 : freetype (RHSA-2010:0736)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0736. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49748);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:15\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0736\");\n\n script_name(english:\"RHEL 3 : freetype (RHSA-2010:0736)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n3 provide both the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0736\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-2.1.4-18.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:13:28", "bulletinFamily": "scanner", "description": "It was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808) (SLF4 and SLF5 only)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.", "modified": "2020-06-02T00:00:00", "id": "SL_20101004_FREETYPE_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60861", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60861);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808) (SLF4 and SLF5 only)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=78\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dff9571a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"freetype-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-demos-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-devel-2.1.4-18.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-utils-2.1.4-18.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-17.el4.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-28.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T03:37:22", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0737 :\n\nUpdated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2020-06-02T00:00:00", "id": "ORACLELINUX_ELSA-2010-0737.NASL", "href": "https://www.tenable.com/plugins/nessus/68108", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : freetype (ELSA-2010-0737)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0737 and \n# Oracle Linux Security Advisory ELSA-2010-0737 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68108);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_xref(name:\"RHSA\", value:\"2010:0737\");\n\n script_name(english:\"Oracle Linux 4 / 5 : freetype (ELSA-2010-0737)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0737 :\n\nUpdated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, and the relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could trigger a\nheap-based buffer overflow in the libXft library, causing the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType\nfont rendering engine processed some PostScript Type 1 fonts. If a\nuser loaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user\nloaded a specially crafted font file with an application linked\nagainst FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested\nStandard Encoding Accented Character (seac) calls. If a user loaded a\nspecially crafted font file with an application linked against\nFreeType, it could cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001668.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001669.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-17.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-17.el4.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-28.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-28.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:27", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\nboth the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a user\nloaded a specially-crafted font file with an application linked against\nFreeType, and the relevant font glyphs were subsequently rendered with the\nX FreeType library (libXft), it could trigger a heap-based buffer overflow\nin the libXft library, causing the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested Standard\nEncoding Accented Character (seac) calls. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2018-05-26T04:26:17", "published": "2010-10-04T04:00:00", "id": "RHSA-2010:0736", "href": "https://access.redhat.com/errata/RHSA-2010:0736", "type": "redhat", "title": "(RHSA-2010:0736) Important: freetype security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:28", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a user\nloaded a specially-crafted font file with an application linked against\nFreeType, and the relevant font glyphs were subsequently rendered with the\nX FreeType library (libXft), it could trigger a heap-based buffer overflow\nin the libXft library, causing the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font\nrendering engine processed some PostScript Type 1 fonts. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested Standard\nEncoding Accented Character (seac) calls. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2017-09-08T12:13:46", "published": "2010-10-04T04:00:00", "id": "RHSA-2010:0737", "href": "https://access.redhat.com/errata/RHSA-2010:0737", "type": "redhat", "title": "(RHSA-2010:0737) Important: freetype security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nIt was found that the FreeType font rendering engine improperly validated\ncertain position values when processing input streams. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2805,\nCVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font\nrendering engine processed some PostScript Type 1 fonts. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2806)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:29", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0864", "href": "https://access.redhat.com/errata/RHSA-2010:0864", "type": "redhat", "title": "(RHSA-2010:0864) Important: freetype security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:27:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0736\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\nboth the FreeType 1 and FreeType 2 font engines.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a user\nloaded a specially-crafted font file with an application linked against\nFreeType, and the relevant font glyphs were subsequently rendered with the\nX FreeType library (libXft), it could trigger a heap-based buffer overflow\nin the libXft library, causing the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2010-3311)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested Standard\nEncoding Accented Character (seac) calls. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029075.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029076.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0736.html", "modified": "2010-10-05T15:50:49", "published": "2010-10-05T15:49:55", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029075.html", "id": "CESA-2010:0736", "title": "freetype security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:12", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0737\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nIt was discovered that the FreeType font rendering engine improperly\nvalidated certain position values when processing input streams. If a user\nloaded a specially-crafted font file with an application linked against\nFreeType, and the relevant font glyphs were subsequently rendered with the\nX FreeType library (libXft), it could trigger a heap-based buffer overflow\nin the libXft library, causing the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2010-3311)\n\nA stack-based buffer overflow flaw was found in the way the FreeType font\nrendering engine processed some PostScript Type 1 fonts. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2808)\n\nAn array index error was found in the way the FreeType font rendering\nengine processed certain PostScript Type 42 font files. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2806)\n\nA stack overflow flaw was found in the way the FreeType font rendering\nengine processed PostScript Type 1 font files that contain nested Standard\nEncoding Accented Character (seac) calls. If a user loaded a\nspecially-crafted font file with an application linked against FreeType, it\ncould cause the application to crash. (CVE-2010-3054)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029071.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029072.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029077.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029078.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0737.html", "modified": "2010-10-05T15:53:10", "published": "2010-10-04T20:11:54", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029071.html", "id": "CESA-2010:0737", "title": "freetype security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-21T11:32:23", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-12-20T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870330", "id": "OPENVAS:870330", "title": "RedHat Update for freetype RHSA-2010:0736-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0736-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\n both the FreeType 1 and FreeType 2 font engines.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00000.html\");\n script_id(870330);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0736-01\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"RedHat Update for freetype RHSA-2010:0736-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:47", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-12-19T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880435", "id": "OPENVAS:880435", "title": "CentOS Update for freetype CESA-2010:0736 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0736 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\n both the FreeType 1 and FreeType 2 font engines.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017037.html\");\n script_id(880435);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0736\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0736 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:32", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2018-01-17T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870330", "id": "OPENVAS:1361412562310870330", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0736-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0736-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\n both the FreeType 1 and FreeType 2 font engines.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870330\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0736-01\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"RedHat Update for freetype RHSA-2010:0736-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~18.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:18", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2018-01-16T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880435", "id": "OPENVAS:1361412562310880435", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0736 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0736 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide\n both the FreeType 1 and FreeType 2 font engines.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017037.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880435\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0736\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0736 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~18.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0737", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122314", "title": "Oracle Linux Local Check: ELSA-2010-0737", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0737.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122314\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:37 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0737\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0737 - freetype security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0737\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0737.html\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-20T13:17:53", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-12-19T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880433", "id": "OPENVAS:880433", "title": "CentOS Update for freetype CESA-2010:0737 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017039.html\");\n script_id(880433);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:04:58", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2018-01-19T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870339", "id": "OPENVAS:1361412562310870339", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0737-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0737-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870339\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0737-01\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"RedHat Update for freetype RHSA-2010:0737-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~17.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880564", "title": "CentOS Update for freetype CESA-2010:0737 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-October/017034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880564\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"freetype on CentOS 5\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n\n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n\n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n\n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n\n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-17T11:05:22", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2018-01-16T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880433", "id": "OPENVAS:1361412562310880433", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0737 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017039.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880433\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~17.el4.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:31", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880564", "id": "OPENVAS:880564", "title": "CentOS Update for freetype CESA-2010:0737 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0737 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n It was discovered that the FreeType font rendering engine improperly\n validated certain position values when processing input streams. If a user\n loaded a specially-crafted font file with an application linked against\n FreeType, and the relevant font glyphs were subsequently rendered with the\n X FreeType library (libXft), it could trigger a heap-based buffer overflow\n in the libXft library, causing the application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2010-3311)\n \n A stack-based buffer overflow flaw was found in the way the FreeType font\n rendering engine processed some PostScript Type 1 fonts. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2808)\n \n An array index error was found in the way the FreeType font rendering\n engine processed certain PostScript Type 42 font files. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2806)\n \n A stack overflow flaw was found in the way the FreeType font rendering\n engine processed PostScript Type 1 font files that contain nested Standard\n Encoding Accented Character (seac) calls. If a user loaded a\n specially-crafted font file with an application linked against FreeType, it\n could cause the application to crash. (CVE-2010-3054)\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017034.html\");\n script_id(880564);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0737\");\n script_cve_id(\"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3054\", \"CVE-2010-3311\");\n script_name(\"CentOS Update for freetype CESA-2010:0737 centos5 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~28.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "unix", "description": "[2.1.4-18.el3]\n- Modify freetype-2.1.4-CVE-2010-3054.patch\n- Resolves: #638139\n[2.1.4-17.el3]\n- Add freetype-2.1.4-CVE-2010-2806.patch\n (Protect against negative string_size. Fix comparison.)\n- Add freetype-2.1.4-CVE-2010-3311.patch\n (Don't seek behind end of stream.)\n- Add freetype-2.1.4-CVE-2010-3054.patch\n (Protect against nested 'seac' calls.)\n- Resolves: #638139", "modified": "2010-10-04T00:00:00", "published": "2010-10-04T00:00:00", "id": "ELSA-2010-0736", "href": "http://linux.oracle.com/errata/ELSA-2010-0736.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "unix", "description": "[2.2.1-28]\n- Modify freetype-2.2.1-CVE-2010-3054.patch\n- Resolves: #638142\n[2.2.1-27]\n- Add freetype-2.2.1-CVE-2010-2806.patch\n (Protect against negative string_size. Fix comparison.)\n- Add freetype-2.2.1-CVE-2010-3311.patch\n (Don't seek behind end of stream.)\n- Add freetype-2.2.1-CVE-2010-3054.patch\n (Protect against nested 'seac' calls.)\n- Add freetype-2.2.1-CVE-2010-2808.patch\n (Check the total length of collected POST segments.)\n- Resolves: #638142 ", "modified": "2010-10-04T00:00:00", "published": "2010-10-04T00:00:00", "id": "ELSA-2010-0737", "href": "http://linux.oracle.com/errata/ELSA-2010-0737.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:47", "bulletinFamily": "unix", "description": "[2.3.11-6.el6_0.2]\r\n- Add freetype-2.3.11-CVE-2010-3855.patch\r\n (Protect against invalid runcnt values.)\r\n- Resolves: #651761\r\n \n[2.3.11-6.el6_0.1]\r\n- Add freetype-2.3.11-CVE-2010-2805.patch\r\n (Fix comparison.)\r\n- Add freetype-2.3.11-CVE-2010-2806.patch\r\n (Protect against negative string_size. Fix comparison.)\r\n- Add freetype-2.3.11-CVE-2010-2808.patch\r\n (Check the total length of collected POST segments.)\r\n- Add freetype-2.3.11-CVE-2010-3311.patch\r\n (Dont seek behind end of stream.)\r\n- Resolves: #638838", "modified": "2010-11-16T00:00:00", "published": "2010-11-16T00:00:00", "id": "ELSA-2010-0889", "href": "http://linux.oracle.com/errata/ELSA-2010-0889.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:11", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2116-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nOctober 4, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : freetype\nVulnerability : integer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-3311\n\nMarc Schoenefeld has found an input stream position error in the\nway the FreeType font rendering engine processed input file streams.\nIf a user loaded a specially-crafted font file with an application\nlinked against FreeType and relevant font glyphs were subsequently\nrendered with the X FreeType library (libXft), it could cause the\napplication to crash or, possibly execute arbitrary code.\n\nAfter the upgrade, all running applications and services that use\nlibfreetype6 should be restarted. In most cases, logging out and\nin again should be enough. The script checkrestart from the\ndebian-goodies package or lsof may help to find out which\nprocesses are still using the old version of libfreetype6.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny4.\n\nThe testing distribution (squeeze) and the unstable distribution (sid)\nare not affected by this problem.\n\nWe recommend that you upgrade your freetype packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.dsc\n Size/MD5 checksum: 1211 e8eb7bb3966d14fc5b66857a7300e6b2\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.diff.gz\n Size/MD5 checksum: 39401 d1d5bb90167dec40ba9c7d994ccefeef\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_alpha.deb\n Size/MD5 checksum: 253790 be62a4d4ef74375620fd1ba0e4748ca2\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_alpha.udeb\n Size/MD5 checksum: 296640 3fc9c9db1b1f31fea8c072f1600a0cc3\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_alpha.deb\n Size/MD5 checksum: 412358 cec01c79c128cd15812695a0b0874506\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_alpha.deb\n Size/MD5 checksum: 775326 410bc831483dccfc0a6c18de7e71cba9\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_amd64.deb\n Size/MD5 checksum: 223156 d92fce04f6d6eb160f3a69a6170094fe\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_amd64.deb\n Size/MD5 checksum: 713268 1328888db2fe01093eb46b1d136b393e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_amd64.deb\n Size/MD5 checksum: 385884 3b31b35c1268c5fe9e7d9c2f88721c4c\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_amd64.udeb\n Size/MD5 checksum: 269788 8c8b189b990973dea4dc649a3ee1f375\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_arm.deb\n Size/MD5 checksum: 357226 e30d0721701c76d97d834f972cb6e6f4\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_arm.deb\n Size/MD5 checksum: 686184 002d550193037299794065785dbbe415\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_arm.deb\n Size/MD5 checksum: 205108 871c6d806eca839ffae94a99bcfb57ae\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_arm.udeb\n Size/MD5 checksum: 242208 4d86dc1a4ab0c534a16e99deebc1fc74\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_armel.udeb\n Size/MD5 checksum: 236558 e01e2ed47b976afb2f2cf076d774dc22\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_armel.deb\n Size/MD5 checksum: 212146 b91df649946fd0fec0ec5e2af160605e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_armel.deb\n Size/MD5 checksum: 683786 7f107b637d992d5985b119509d9e22dd\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_armel.deb\n Size/MD5 checksum: 353416 6cf178afdf3a4834811e9e468dbf4c5f\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_hppa.udeb\n Size/MD5 checksum: 273970 c7b3ba59505abbbc513b05aa6344d2f8\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_hppa.deb\n Size/MD5 checksum: 226860 4f784b27a1bdc448ef773e745ae57c8a\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_hppa.deb\n Size/MD5 checksum: 725000 b2be1195d0d730de3b0212882beb5ab8\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_hppa.deb\n Size/MD5 checksum: 390482 9bedead1c79c9ab100235a35cb8292fd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_i386.udeb\n Size/MD5 checksum: 254446 0711a5a4840a60609eab1600f30059cc\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_i386.deb\n Size/MD5 checksum: 371210 0c0ec7ed3c5431522854a63a2472c086\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_i386.deb\n Size/MD5 checksum: 198090 45eebe4364c5e521ac11a81930adb4ac\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_i386.deb\n Size/MD5 checksum: 685642 61507372e1025b8541a8c40df5d79223\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_ia64.deb\n Size/MD5 checksum: 332158 07f8c38bd1b9f9f0978e979c9dc41f58\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_ia64.deb\n Size/MD5 checksum: 531594 1ba8db18cff071df85cdd6395041803b\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_ia64.deb\n Size/MD5 checksum: 876664 edfe5969841a9ac149880160e4721bc4\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_ia64.udeb\n Size/MD5 checksum: 415940 a97a09ae4359e987a1f307ccd75011a1\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mips.deb\n Size/MD5 checksum: 713372 060d1f519ca44e9f2929c6cc497f5f32\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mips.deb\n Size/MD5 checksum: 215354 9422bf4b37031064897f240e6a16e4bd\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mips.udeb\n Size/MD5 checksum: 253938 240a257d6ab5e675a8d7df4ca73d741c\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mips.deb\n Size/MD5 checksum: 371116 f2f555ec73c128068561881dba4180ac\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mipsel.deb\n Size/MD5 checksum: 712500 50aaf715f150fc91713a48c8b56fc050\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mipsel.deb\n Size/MD5 checksum: 369826 34836bde5ab656b14aab11ac2ba377d8\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mipsel.deb\n Size/MD5 checksum: 214786 47342e0e3cf8557cf03957bc3f38ccf1\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mipsel.udeb\n Size/MD5 checksum: 254202 9a9268e23a621915d184707265333d86\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_powerpc.udeb\n Size/MD5 checksum: 262836 1d44f167d8f5ab27294a52ffebe6b24a\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_powerpc.deb\n Size/MD5 checksum: 233042 36bc26f025938280a60c057eee8b4d93\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_powerpc.deb\n Size/MD5 checksum: 708572 c4f579af34066f88cf439d7b1afb06b5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_powerpc.deb\n Size/MD5 checksum: 380014 4309a48f707cfc5a441ba51057ac9ce2\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_s390.udeb\n Size/MD5 checksum: 268250 fbd854913af557572f94b970c1ee2987\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_s390.deb\n Size/MD5 checksum: 225934 7805a7ead0b6d2f9d7d5fd5fab380c62\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_s390.deb\n Size/MD5 checksum: 701510 a06b2eb1f6394beb9d914e3f3a4d54e4\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_s390.deb\n Size/MD5 checksum: 384504 0daf1dc1ae9b76b788d14f9ef3190071\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_sparc.deb\n Size/MD5 checksum: 200090 e60c90c32352f007aa5b7802bbb80fef\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_sparc.deb\n Size/MD5 checksum: 676516 98868c5cef925d1fbd114c15de7496e8\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_sparc.udeb\n Size/MD5 checksum: 235422 c5fe1c8052ea0b30e73ace12b69116d0\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_sparc.deb\n Size/MD5 checksum: 352580 295ebded2e16cfd43dad6a1fb91b31a8\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-10-04T21:03:44", "published": "2010-10-04T21:03:44", "id": "DEBIAN:DSA-2116-1:79D65", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00165.html", "title": "[SECURITY] [DSA-2116-1] New freetype packages integer overflow", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:37", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2105-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nSeptember 07, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : freetype\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806\n CVE-2010-2807 CVE-2010-2808 CVE-2010-3053\n\n\nSeveral vulnerabilities have been discovered in the FreeType font \nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2010-1797\n\n Multiple stack-based buffer overflows in the \n cff_decoder_parse_charstrings function in the CFF Type2 CharStrings\n interpreter in cff/cffgload.c in FreeType allow remote attackers to\n execute arbitrary code or cause a denial of service (memory\n corruption) via crafted CFF opcodes in embedded fonts in a PDF\n document, as demonstrated by JailbreakMe.\n\nCVE-2010-2541\n\n Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted font file.\n\nCVE-2010-2805\n\n The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does\n not properly validate certain position values, which allows remote\n attackers to cause a denial of service (application crash) or\n possibly execute arbitrary code via a crafted font file\n\nCVE-2010-2806\n\n Array index error in the t42_parse_sfnts function in\n type42/t42parse.c in FreeType allows remote attackers to cause a\n denial of service (application crash) or possibly execute arbitrary\n code via negative size values for certain strings in FontType42 font\n files, leading to a heap-based buffer overflow.\n\nCVE-2010-2807\n\n FreeType uses incorrect integer data types during bounds checking,\n which allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted\n font file.\n\nCVE-2010-2808\n\n Buffer overflow in the Mac_Read_POST_Resource function in\n base/ftobjs.c in FreeType allows remote attackers to cause a denial\n of service (memory corruption and application crash) or possibly\n execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka\n LWFN) font.\n\nCVE-2010-3053\n\n bdf/bdflib.c in FreeType allows remote attackers to cause a denial of\n service (application crash) via a crafted BDF font file, related to\n an attempted modification of a value in a static string.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny3\n\nFor the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 2.4.2-1\n\n\nWe recommend that you upgrade your freetype package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz\n Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc\n Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb\n Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb\n Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb\n Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb\n Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb\n Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb\n Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb\n Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb\n Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb\n Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb\n Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb\n Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-09-07T20:39:45", "published": "2010-09-07T20:39:45", "id": "DEBIAN:DSA-2105-1:33FFA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00152.html", "title": "[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2116-1 security@debian.org\r\nhttp://www.debian.org/security/ Stefan Fritsch\r\nOctober 4, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : freetype\r\nVulnerability : integer overflow\r\nProblem type : local (remote)\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-3311\r\n\r\nMarc Schoenefeld has found an input stream position error in the\r\nway the FreeType font rendering engine processed input file streams.\r\nIf a user loaded a specially-crafted font file with an application\r\nlinked against FreeType and relevant font glyphs were subsequently\r\nrendered with the X FreeType library (libXft), it could cause the\r\napplication to crash or, possibly execute arbitrary code.\r\n\r\nAfter the upgrade, all running applications and services that use\r\nlibfreetype6 should be restarted. In most cases, logging out and\r\nin again should be enough. The script checkrestart from the\r\ndebian-goodies package or lsof may help to find out which\r\nprocesses are still using the old version of libfreetype6.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 2.3.7-2+lenny4.\r\n\r\nThe testing distribution (squeeze) and the unstable distribution (sid)\r\nare not affected by this problem.\r\n\r\nWe recommend that you upgrade your freetype packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny (stable)\r\n- -----------------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.dsc\r\n Size/MD5 checksum: 1211 e8eb7bb3966d14fc5b66857a7300e6b2\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\r\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.diff.gz\r\n Size/MD5 checksum: 39401 d1d5bb90167dec40ba9c7d994ccefeef\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_alpha.deb\r\n Size/MD5 checksum: 253790 be62a4d4ef74375620fd1ba0e4748ca2\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_alpha.udeb\r\n Size/MD5 checksum: 296640 3fc9c9db1b1f31fea8c072f1600a0cc3\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_alpha.deb\r\n Size/MD5 checksum: 412358 cec01c79c128cd15812695a0b0874506\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_alpha.deb\r\n Size/MD5 checksum: 775326 410bc831483dccfc0a6c18de7e71cba9\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_amd64.deb\r\n Size/MD5 checksum: 223156 d92fce04f6d6eb160f3a69a6170094fe\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_amd64.deb\r\n Size/MD5 checksum: 713268 1328888db2fe01093eb46b1d136b393e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_amd64.deb\r\n Size/MD5 checksum: 385884 3b31b35c1268c5fe9e7d9c2f88721c4c\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_amd64.udeb\r\n Size/MD5 checksum: 269788 8c8b189b990973dea4dc649a3ee1f375\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_arm.deb\r\n Size/MD5 checksum: 357226 e30d0721701c76d97d834f972cb6e6f4\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_arm.deb\r\n Size/MD5 checksum: 686184 002d550193037299794065785dbbe415\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_arm.deb\r\n Size/MD5 checksum: 205108 871c6d806eca839ffae94a99bcfb57ae\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_arm.udeb\r\n Size/MD5 checksum: 242208 4d86dc1a4ab0c534a16e99deebc1fc74\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_armel.udeb\r\n Size/MD5 checksum: 236558 e01e2ed47b976afb2f2cf076d774dc22\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_armel.deb\r\n Size/MD5 checksum: 212146 b91df649946fd0fec0ec5e2af160605e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_armel.deb\r\n Size/MD5 checksum: 683786 7f107b637d992d5985b119509d9e22dd\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_armel.deb\r\n Size/MD5 checksum: 353416 6cf178afdf3a4834811e9e468dbf4c5f\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_hppa.udeb\r\n Size/MD5 checksum: 273970 c7b3ba59505abbbc513b05aa6344d2f8\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_hppa.deb\r\n Size/MD5 checksum: 226860 4f784b27a1bdc448ef773e745ae57c8a\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_hppa.deb\r\n Size/MD5 checksum: 725000 b2be1195d0d730de3b0212882beb5ab8\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_hppa.deb\r\n Size/MD5 checksum: 390482 9bedead1c79c9ab100235a35cb8292fd\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_i386.udeb\r\n Size/MD5 checksum: 254446 0711a5a4840a60609eab1600f30059cc\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_i386.deb\r\n Size/MD5 checksum: 371210 0c0ec7ed3c5431522854a63a2472c086\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_i386.deb\r\n Size/MD5 checksum: 198090 45eebe4364c5e521ac11a81930adb4ac\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_i386.deb\r\n Size/MD5 checksum: 685642 61507372e1025b8541a8c40df5d79223\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_ia64.deb\r\n Size/MD5 checksum: 332158 07f8c38bd1b9f9f0978e979c9dc41f58\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_ia64.deb\r\n Size/MD5 checksum: 531594 1ba8db18cff071df85cdd6395041803b\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_ia64.deb\r\n Size/MD5 checksum: 876664 edfe5969841a9ac149880160e4721bc4\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_ia64.udeb\r\n Size/MD5 checksum: 415940 a97a09ae4359e987a1f307ccd75011a1\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mips.deb\r\n Size/MD5 checksum: 713372 060d1f519ca44e9f2929c6cc497f5f32\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mips.deb\r\n Size/MD5 checksum: 215354 9422bf4b37031064897f240e6a16e4bd\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mips.udeb\r\n Size/MD5 checksum: 253938 240a257d6ab5e675a8d7df4ca73d741c\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mips.deb\r\n Size/MD5 checksum: 371116 f2f555ec73c128068561881dba4180ac\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mipsel.deb\r\n Size/MD5 checksum: 712500 50aaf715f150fc91713a48c8b56fc050\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mipsel.deb\r\n Size/MD5 checksum: 369826 34836bde5ab656b14aab11ac2ba377d8\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mipsel.deb\r\n Size/MD5 checksum: 214786 47342e0e3cf8557cf03957bc3f38ccf1\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mipsel.udeb\r\n Size/MD5 checksum: 254202 9a9268e23a621915d184707265333d86\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_powerpc.udeb\r\n Size/MD5 checksum: 262836 1d44f167d8f5ab27294a52ffebe6b24a\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_powerpc.deb\r\n Size/MD5 checksum: 233042 36bc26f025938280a60c057eee8b4d93\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_powerpc.deb\r\n Size/MD5 checksum: 708572 c4f579af34066f88cf439d7b1afb06b5\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_powerpc.deb\r\n Size/MD5 checksum: 380014 4309a48f707cfc5a441ba51057ac9ce2\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_s390.udeb\r\n Size/MD5 checksum: 268250 fbd854913af557572f94b970c1ee2987\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_s390.deb\r\n Size/MD5 checksum: 225934 7805a7ead0b6d2f9d7d5fd5fab380c62\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_s390.deb\r\n Size/MD5 checksum: 701510 a06b2eb1f6394beb9d914e3f3a4d54e4\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_s390.deb\r\n Size/MD5 checksum: 384504 0daf1dc1ae9b76b788d14f9ef3190071\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_sparc.deb\r\n Size/MD5 checksum: 200090 e60c90c32352f007aa5b7802bbb80fef\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_sparc.deb\r\n Size/MD5 checksum: 676516 98868c5cef925d1fbd114c15de7496e8\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_sparc.udeb\r\n Size/MD5 checksum: 235422 c5fe1c8052ea0b30e73ace12b69116d0\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_sparc.deb\r\n Size/MD5 checksum: 352580 295ebded2e16cfd43dad6a1fb91b31a8\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niD8DBQFMqkDMbxelr8HyTqQRApVJAKCDYKJ4tC1LyqB8DkEQljZR6m04ZwCfdRCo\r\nGLkEe4NAF79Hx3b0dh6FOcA=\r\n=4lhT\r\n-----END PGP SIGNATURE-----", "modified": "2010-10-06T00:00:00", "published": "2010-10-06T00:00:00", "id": "SECURITYVULNS:DOC:24855", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24855", "title": "[SECURITY] [DSA-2116-1] New freetype packages integer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "description": "Memory corruptions on fonts parsing.", "modified": "2011-11-27T00:00:00", "published": "2011-11-27T00:00:00", "id": "SECURITYVULNS:VULN:11001", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11001", "title": "freetype library multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "description": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007\r\n\r\n * Last Modified: November 12, 2010\r\n * Article: HT4435\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security, Security Update 2010-007, Mac OS X v10.6.\r\nMac OS X v10.6.5 and Security Update 2010-007\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1828\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause AFP Server to unexpectedly shutdown\r\n\r\n Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1829\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An authenticated user may cause arbitrary code execution\r\n\r\n Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1830\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may determine the existence of an AFP share\r\n\r\n Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.\r\n\r\n *\r\n\r\n Apache mod_perl\r\n\r\n CVE-ID: CVE-2009-0796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause cross-site scripting against the web server\r\n\r\n Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2010-0408, CVE-2010-0434\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.14\r\n\r\n Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n AppKit\r\n\r\n CVE-ID: CVE-2010-1842\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1831\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1832\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1833\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-4010\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1752\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1834\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites\r\n\r\n Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue by through improved validation of domains specified in cookies.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2010-1836\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.\r\n\r\n *\r\n\r\n CoreText\r\n\r\n CVE-ID: CVE-2010-1837\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2010-2941\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1838\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local attacker may bypass the password validation and log in to a mobile account\r\n\r\n Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1840\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.\r\n\r\n *\r\n\r\n diskdev_cmds\r\n\r\n CVE-ID: CVE-2010-0105\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may be able to prevent the system from starting properly\r\n\r\n Description: An implementation issue exists fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2010-1841\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2010-0001\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2009-2624\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n Image Capture\r\n\r\n CVE-ID: CVE-2010-1844\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown\r\n\r\n Description: A unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1845\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1811\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-2249, CVE-2010-1205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng\r\n\r\n Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2010-1846\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2010-1847\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n MySQL\r\n\r\n CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.88\r\n\r\n Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\r\n\r\n *\r\n\r\n neon\r\n\r\n CVE-ID: CVE-2009-2473, CVE-2009-2474\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in neon 0.28.3\r\n\r\n Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2010-1843\r\n\r\n Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0211\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0212\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service\r\n\r\n Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2010-1378\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote user may bypass TLS authentication or spoof a trusted server\r\n\r\n Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.\r\n\r\n *\r\n\r\n Password Server\r\n\r\n CVE-ID: CVE-2010-3783\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may be able to log in with an outdated password\r\n\r\n Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.2\r\n\r\n Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.12\r\n\r\n Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n Printing\r\n\r\n CVE-ID: CVE-2010-3784\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination\r\n\r\n Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.\r\n\r\n *\r\n\r\n python\r\n\r\n CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n Description: Multiple integer overflows exists in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3785\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3786\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3787\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3788\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3789\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue is in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3790\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3791\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3792\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3793\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3794\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3795\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An unitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n Safari RSS\r\n\r\n CVE-ID: CVE-2010-3796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information\r\n\r\n Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Time Machine\r\n\r\n CVE-ID: CVE-2010-1803\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may access a user's Time Machine information\r\n\r\n Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n Wiki Server\r\n\r\n CVE-ID: CVE-2010-3797\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A user who can edit wiki pages may obtain the credentials of other users\r\n\r\n Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.41\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in FreeType 2.3.9\r\n\r\n Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n *\r\n\r\n xar\r\n\r\n CVE-ID: CVE-2010-3798\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.\r\n\r\n", "modified": "2010-11-18T00:00:00", "published": "2010-11-18T00:00:00", "id": "SECURITYVULNS:DOC:25153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25153", "title": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:31", "bulletinFamily": "unix", "description": "Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3311)\n\nChris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3814)\n\nIt was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2010-3855)", "modified": "2010-11-04T00:00:00", "published": "2010-11-04T00:00:00", "id": "USN-1013-1", "href": "https://usn.ubuntu.com/1013-1/", "title": "FreeType vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:22", "bulletinFamily": "unix", "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.4.8\"", "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "GLSA-201201-09", "href": "https://security.gentoo.org/glsa/201201-09", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:43:04", "bulletinFamily": "unix", "description": "Specially crafted font files could have caused buffer\n overflows in freetype, which could have been exploited for\n remote code execution.\n", "modified": "2012-04-23T18:08:18", "published": "2012-04-23T18:08:18", "id": "SUSE-SU-2012:0553-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00020.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}