Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_LIBFREETYPE6-100812.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :
-
CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes
-
CVE-2010-2497: integer underflow
-
CVE-2010-2498: invalid free
-
CVE-2010-2499: buffer overflow
-
CVE-2010-2500: integer overflow
-
CVE-2010-2519: heap buffer overflow
-
CVE-2010-2520: heap buffer overflow
-
CVE-2010-2527: buffer overflows in the freetype demo
-
CVE-2010-2541: buffer overflow in ftmulti demo program
-
CVE-2010-2805: improper bounds checking
-
CVE-2010-2806: improper bounds checking
-
CVE-2010-2807: improper type comparisons
-
CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libfreetype6-2918.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75578);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808");
script_name(english:"openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)");
script_summary(english:"Check for the libfreetype6-2918 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update of freetype2 fixes several vulnerabilities that could lead
to remote system compromise by executing arbitrary code with user
privileges :
- CVE-2010-1797: stack-based buffer overflow while
processing CFF opcodes
- CVE-2010-2497: integer underflow
- CVE-2010-2498: invalid free
- CVE-2010-2499: buffer overflow
- CVE-2010-2500: integer overflow
- CVE-2010-2519: heap buffer overflow
- CVE-2010-2520: heap buffer overflow
- CVE-2010-2527: buffer overflows in the freetype demo
- CVE-2010-2541: buffer overflow in ftmulti demo program
- CVE-2010-2805: improper bounds checking
- CVE-2010-2806: improper bounds checking
- CVE-2010-2807: improper type comparisons
- CVE-2010-2808: memory corruption flaw by processing
certain LWFN fonts"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=619562"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=628213"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=629447"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libfreetype6 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.3", reference:"libfreetype6-2.3.12-7.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libfreetype6-32bit-2.3.12-7.1.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libfreetype6 | p-cpe:/a:novell:opensuse:libfreetype6 |
| novell | opensuse | libfreetype6-32bit | p-cpe:/a:novell:opensuse:libfreetype6-32bit |
| novell | opensuse | 11.3 | cpe:/o:novell:opensuse:11.3 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2808
bugzilla.novell.com/show_bug.cgi?id=619562
bugzilla.novell.com/show_bug.cgi?id=628213
bugzilla.novell.com/show_bug.cgi?id=629447
lists.opensuse.org/opensuse-updates/2010-08/msg00060.html
Related
nessus
nessus
SuSE9 Security Update : freetype2 (YOU Patch Number 12630)
2010-08-27 00:00:00
openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)
2010-08-26 00:00:00
SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)
2010-10-11 00:00:00
openvas
openvas
Fedora Update for freetype FEDORA-2010-15785
2010-11-16 00:00:00
Fedora Update for freetype FEDORA-2010-15785
2010-11-16 00:00:00
Fedora Update for freetype FEDORA-2010-15705
2010-10-22 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13
2010-10-19 07:23:19
[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12
2010-11-01 20:53:44
[SECURITY] Fedora 13 Update: freetype-2.3.11-7.fc13
2010-11-21 21:52:29
n0where
n0where
General Purpose Fuzzing: Honggfuzz
2015-06-05 15:50:13
debian
debian
[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities
2010-07-14 20:04:45
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
2010-09-07 20:39:32
securityvulns
securityvulns
[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities
2010-07-16 00:00:00
[USN-972-1] FreeType vulnerabilities
2010-08-19 00:00:00
freetype library multiple security vulnerabilities
2011-11-27 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2010-07-20 00:00:00
FreeType vulnerabilities
2010-08-17 00:00:00
oraclelinux
oraclelinux
freetype security update
2010-07-30 00:00:00
freetype security update
2010-07-30 00:00:00
freetype security update
2010-11-16 00:00:00
centos
centos
freetype security update
2010-08-03 00:36:19
freetype security update
2010-08-16 21:19:51
freetype security update
2010-10-04 20:11:54
redhat
redhat
(RHSA-2010:0578) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0577) Important: freetype security update
2010-07-30 00:00:00
(RHSA-2010:0864) Important: freetype security update
2010-11-10 00:00:00
osv
osv
freetype - several vulnerabilities
2010-09-07 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-01-23 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-23 18:08:18
cve
cve
ubuntucve
ubuntucve
prion
prion
Buffer overflow
2010-08-19 18:00:00
Buffer overflow
2010-08-19 18:00:00
Integer overflow
2010-08-19 18:00:00
debiancve
debiancve
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:49:49
Arbitrary Code Execution
2020-04-10 00:49:49
Buffer Overflow
2020-04-10 00:49:48
exploitpack
exploitpack
Foxit Reader 4.0 - .pdf Multiple Stack Based Buffer Overflow Jailbreak
2010-08-24 00:00:00
seebug
seebug
Foxit Reader <= 4.0 pdf Jailbreak Exploit
2010-08-25 00:00:00
Foxit Reader <= 4.0 pdf Jailbreak Exploit
2014-07-01 00:00:00
packetstorm
packetstorm
Foxit Reader 4.0 PDF Jailbreak
2010-08-26 00:00:00
cert
cert
FreeType 2 CFF font stack corruption vulnerability
2010-08-05 00:00:00
exploitdb
exploitdb
threatpost
threatpost
Apple Zaps JailbreakMe Bugs in Record Time
2010-08-11 19:43:56
Related for SUSE_11_3_LIBFREETYPE6-100812.NASL