Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone AGOPENVAS:1361412562310870583
HistoryApr 11, 2012 - 12:00 a.m.

RedHat Update for freetype RHSA-2012:0467-01

2012-04-1100:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org
15

6.8 Medium

AI Score

Confidence

Low

0.244 Low

EPSS

Percentile

96.6%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00004.html");
  script_oid("1.3.6.1.4.1.25623.1.0.870583");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_version("2024-03-21T05:06:54+0000");
  script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
  script_tag(name:"creation_date", value:"2012-04-11 10:59:26 +0530 (Wed, 11 Apr 2012)");
  script_cve_id("CVE-2012-1126", "CVE-2012-1127", "CVE-2012-1130", "CVE-2012-1131",
                "CVE-2012-1132", "CVE-2012-1134", "CVE-2012-1136", "CVE-2012-1137",
                "CVE-2012-1139", "CVE-2012-1140", "CVE-2012-1141", "CVE-2012-1142",
                "CVE-2012-1143", "CVE-2012-1144");
  script_xref(name:"RHSA", value:"2012:0467-01");
  script_name("RedHat Update for freetype RHSA-2012:0467-01");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'freetype'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
  script_tag(name:"affected", value:"freetype on Red Hat Enterprise Linux (v. 5 server)");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");
  script_tag(name:"insight", value:"FreeType is a free, high-quality, portable font engine that can open and
  manage font files. It also loads, hints, and renders individual glyphs
  efficiently.

  Multiple flaws were found in the way FreeType handled TrueType Font (TTF),
  Glyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and
  PostScript Type 1 fonts. If a specially-crafted font file was loaded by an
  application linked against FreeType, it could cause the application to
  crash or, potentially, execute arbitrary code with the privileges of the
  user running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,
  CVE-2012-1144)

  Multiple flaws were found in the way FreeType handled fonts in various
  formats. If a specially-crafted font file was loaded by an application
  linked against FreeType, it could cause the application to crash.
  (CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,
  CVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)

  Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for
  reporting these issues.

  Users are advised to upgrade to these updated packages, which contain a
  backported patch to correct these issues. The X server must be restarted
  (log out, then log back in) for this update to take effect.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release) exit(0);

res = "";

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"freetype", rpm:"freetype~2.2.1~31.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-debuginfo", rpm:"freetype-debuginfo~2.2.1~31.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-demos", rpm:"freetype-demos~2.2.1~31.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-devel", rpm:"freetype-devel~2.2.1~31.el5_8.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

openvas 28
redhat 1
nessus 17
oraclelinux 1
centos 1
mozilla 1
suse 6
ubuntu 1
gentoo 1
freebsd 2
securityvulns 5
debian 1
slackware 1
amazon 1
veracode 14
debiancve 14
cvelist 14
cve 14
ubuntucve 14
prion 14
openvas
openvas
CentOS Update for freetype CESA-2012:0467 centos5
2012-07-30 00:00:00
CentOS Update for freetype CESA-2012:0467 centos6
2012-07-30 00:00:00
RedHat Update for freetype RHSA-2012:0467-01
2012-04-11 00:00:00
redhat
redhat
(RHSA-2012:0467) Important: freetype security update
2012-04-10 00:00:00
nessus
nessus
Scientific Linux Security Update : freetype on SL5.x, SL6.x i386/x86_64 (20120410)
2012-08-01 00:00:00
CentOS 5 / 6 : freetype (CESA-2012:0467)
2012-04-11 00:00:00
RHEL 5 / 6 : freetype (RHSA-2012:0467)
2012-04-11 00:00:00
oraclelinux
oraclelinux
freetype security update
2012-04-10 00:00:00
centos
centos
freetype security update
2012-04-10 21:09:43
mozilla
mozilla
Multiple security flaws fixed in FreeType v2.4.9 — Mozilla
2012-04-24 00:00:00
suse
suse
freetype2 update (important)
2012-04-12 10:09:06
Security update for freetype2 (important)
2012-04-11 21:08:19
Security update for freetype2 (important)
2012-04-11 20:08:18
ubuntu
ubuntu
FreeType vulnerabilities
2012-03-23 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-04-17 00:00:00
freebsd
freebsd
freetype -- multiple vulnerabilities
2012-03-08 00:00:00
mozilla -- multiple vulnerabilities
2012-04-24 00:00:00
securityvulns
securityvulns
FreeType multiple security vulnerabilitiles
2012-03-09 00:00:00
[SECURITY] [DSA 2428-1] freetype security update
2012-03-09 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-05-09 00:00:00
debian
debian
[SECURITY] [DSA 2428-1] freetype security update
2012-03-08 21:06:09
slackware
slackware
[slackware-security] freetype
2012-06-25 15:27:37
amazon
amazon
Important: freetype
2012-04-30 14:46:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:33
Arbitrary Code Execution
2020-04-10 01:09:33
Denial Of Service (DoS)
2020-04-10 01:09:35
debiancve
debiancve
CVE-2012-1134
2012-04-25 10:10:00
CVE-2012-1140
2012-04-25 10:10:00
CVE-2012-1131
2012-04-25 10:10:00
cvelist
cvelist
CVE-2012-1132
2012-04-25 10:00:00
CVE-2012-1144
2012-04-25 10:00:00
CVE-2012-1140
2012-04-25 10:00:00
cve
cve
CVE-2012-1132
2012-04-25 10:10:00
CVE-2012-1144
2012-04-25 10:10:00
CVE-2012-1141
2012-04-25 10:10:00
ubuntucve
ubuntucve
CVE-2012-1136
2012-03-07 00:00:00
CVE-2012-1142
2012-03-07 00:00:00
CVE-2012-1137
2012-03-07 00:00:00
prion
prion
Heap overflow
2012-04-25 10:10:00
Heap overflow
2012-04-25 10:10:00
Memory corruption
2012-04-25 10:10:00

6.8 Medium

AI Score

Confidence

Low

0.244 Low

EPSS

Percentile

96.6%

JSON
Related for OPENVAS:1361412562310870583
openvas28redhat1nessus17oraclelinux1centos1mozilla1suse6ubuntu1gentoo1freebsd2securityvulns5debian1slackware1amazon1veracode14debiancve14cvelist14cve14ubuntucve14prion14