CentOS Update for freetype CESA-2010:0577 centos3 i386
2010-08-20T00:00:00
ID OPENVAS:1361412562310880403 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2018-01-02T00:00:00
Description
Check for the Version of freetype
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for freetype CESA-2010:0577 centos3 i386
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide both the FreeType 1 and FreeType 2 font
engines.
An integer overflow flaw was found in the way the FreeType font engine
processed font files. If a user loaded a carefully-crafted font file with
an application linked against FreeType, it could cause the application to
crash or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-2500)
Several buffer overflow flaws were found in the FreeType demo applications.
If a user loaded a carefully-crafted font file with a demo application, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-2527,
CVE-2010-2541)
Red Hat would like to thank Robert Swiecki of the Google Security Team for
the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.
Note: All of the issues in this erratum only affect the FreeType 2 font
engine.
Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "freetype on CentOS 3";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2010-August/016920.html");
script_oid("1.3.6.1.4.1.25623.1.0.880403");
script_version("$Revision: 8269 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $");
script_tag(name:"creation_date", value:"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "CESA", value: "2010:0577");
script_cve_id("CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541");
script_name("CentOS Update for freetype CESA-2010:0577 centos3 i386");
script_tag(name: "summary" , value: "Check for the Version of freetype");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS3")
{
if ((res = isrpmvuln(pkg:"freetype", rpm:"freetype~2.1.4~15.el3", rls:"CentOS3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-devel", rpm:"freetype-devel~2.1.4~15.el3", rls:"CentOS3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-demos", rpm:"freetype-demos~2.1.4~15.el3", rls:"CentOS3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-utils", rpm:"freetype-utils~2.1.4~15.el3", rls:"CentOS3")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310880403", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Update for freetype CESA-2010:0577 centos3 i386", "description": "Check for the Version of freetype", "published": "2010-08-20T00:00:00", "modified": "2018-01-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880403", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-August/016920.html", "2010:0577"], "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "lastseen": "2018-01-03T10:54:53", "viewCount": 0, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2018-01-03T10:54:53", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2541", "CVE-2010-2527", "CVE-2010-0577", "CVE-2010-2500"]}, {"type": "openvas", "idList": ["OPENVAS:870301", "OPENVAS:1361412562310122337", "OPENVAS:880403", "OPENVAS:870300", "OPENVAS:1361412562310870300", "OPENVAS:880576", "OPENVAS:840461", "OPENVAS:1361412562310880576", "OPENVAS:1361412562310840461", "OPENVAS:1361412562310870301"]}, {"type": "redhat", "idList": ["RHSA-2010:0577", "RHSA-2010:0578", "RHSA-2010:0622"]}, {"type": "centos", "idList": ["CESA-2010:0578", "CESA-2010:0577"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0578.NASL", "ORACLELINUX_ELSA-2010-0578.NASL", "UBUNTU_USN-963-1.NASL", "FEDORA_2010-15705.NASL", "CENTOS_RHSA-2010-0577.NASL", "REDHAT-RHSA-2010-0578.NASL", "SL_20100730_FREETYPE_FOR_SL4.NASL", "SL_20100730_FREETYPE_ON_SL3.NASL", "REDHAT-RHSA-2010-0577.NASL", "ORACLELINUX_ELSA-2010-0577.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0578", "ELSA-2010-0577"]}, {"type": "ubuntu", "idList": ["USN-972-1", "USN-963-1"]}, {"type": "fedora", "idList": ["FEDORA:3F648110911", "FEDORA:0DCDA110ECC", "FEDORA:33CDB110894", "FEDORA:CAB2111090C"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2070-1:50712", "DEBIAN:DSA-2105-1:33FFA"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24241", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:DOC:24546", "SECURITYVULNS:VULN:11001"]}, {"type": "n0where", "idList": ["N0WHERE:31614"]}, {"type": "gentoo", "idList": ["GLSA-201201-09"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0553-1"]}], "modified": "2018-01-03T10:54:53", "rev": 2}, "vulnersScore": 7.7}, "pluginID": "1361412562310880403", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0577 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880403\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0577\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0577 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:34:40", "description": "Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "edition": 5, "cvss3": {}, "published": "2010-08-19T18:00:00", "title": "CVE-2010-2541", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2541"], "modified": "2012-12-19T04:28:00", "cpe": ["cpe:/a:freetype:freetype:2.3.4", "cpe:/a:freetype:freetype:2.0.6", "cpe:/a:freetype:freetype:2.1", "cpe:/a:freetype:freetype:2.3.7", "cpe:/a:freetype:freetype:2.0.9", "cpe:/a:freetype:freetype:2.2.1", "cpe:/a:freetype:freetype:2.1.9", "cpe:/a:freetype:freetype:2.1.4", "cpe:/a:freetype:freetype:2.3.5", "cpe:/a:freetype:freetype:2.3.10", "cpe:/a:freetype:freetype:2.3.11", "cpe:/a:freetype:freetype:2.2", "cpe:/a:freetype:freetype:2.1.6", "cpe:/a:freetype:freetype:2.3.6", "cpe:/a:freetype:freetype:2.1.8", "cpe:/a:freetype:freetype:2.1.5", "cpe:/a:freetype:freetype:2.3.3", "cpe:/a:freetype:freetype:2.3.9", "cpe:/a:freetype:freetype:2.1.10", "cpe:/a:freetype:freetype:2.3.2", "cpe:/a:freetype:freetype:2.4.1", "cpe:/a:freetype:freetype:2.1.8_rc1", "cpe:/a:freetype:freetype:2.3.1", "cpe:/a:freetype:freetype:2.3.0", "cpe:/a:freetype:freetype:2.4.0", "cpe:/a:freetype:freetype:1.3.1", "cpe:/a:freetype:freetype:2.1.3", "cpe:/a:freetype:freetype:2.3.8", "cpe:/a:freetype:freetype:2.2.10", "cpe:/a:freetype:freetype:2.1.7", "cpe:/a:freetype:freetype:2.3.12"], "id": "CVE-2010-2541", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2541", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:40", "description": "Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "edition": 5, "cvss3": {}, "published": "2010-08-19T18:00:00", "title": "CVE-2010-2500", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2500"], "modified": "2012-12-19T04:28:00", "cpe": ["cpe:/a:freetype:freetype:2.3.4", "cpe:/a:freetype:freetype:2.0.6", "cpe:/a:freetype:freetype:2.1", "cpe:/a:freetype:freetype:2.3.7", "cpe:/a:freetype:freetype:2.0.9", "cpe:/a:freetype:freetype:2.2.1", "cpe:/a:freetype:freetype:2.1.9", "cpe:/a:freetype:freetype:2.1.4", "cpe:/a:freetype:freetype:2.3.5", "cpe:/a:freetype:freetype:2.3.10", "cpe:/a:freetype:freetype:2.3.11", "cpe:/a:freetype:freetype:2.2", "cpe:/a:freetype:freetype:2.1.6", "cpe:/a:freetype:freetype:2.3.6", "cpe:/a:freetype:freetype:2.1.8", "cpe:/a:freetype:freetype:2.1.5", "cpe:/a:freetype:freetype:2.3.3", "cpe:/a:freetype:freetype:2.3.9", "cpe:/a:freetype:freetype:2.1.10", "cpe:/a:freetype:freetype:2.3.2", "cpe:/a:freetype:freetype:2.1.8_rc1", "cpe:/a:freetype:freetype:2.3.1", "cpe:/a:freetype:freetype:2.3.0", "cpe:/a:freetype:freetype:1.3.1", "cpe:/a:freetype:freetype:2.1.3", "cpe:/a:freetype:freetype:2.3.8", "cpe:/a:freetype:freetype:2.2.10", "cpe:/a:freetype:freetype:2.1.7", "cpe:/a:freetype:freetype:2.3.12"], "id": "CVE-2010-2500", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2500", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:40", "description": "Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "edition": 5, "cvss3": {}, "published": "2010-08-19T18:00:00", "title": "CVE-2010-2527", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2527"], "modified": "2012-12-19T04:28:00", "cpe": ["cpe:/a:freetype:freetype:2.3.4", "cpe:/a:freetype:freetype:2.0.6", "cpe:/a:freetype:freetype:2.1", "cpe:/a:freetype:freetype:2.3.7", "cpe:/a:freetype:freetype:2.0.9", "cpe:/a:freetype:freetype:2.2.1", "cpe:/a:freetype:freetype:2.1.9", "cpe:/a:freetype:freetype:2.1.4", "cpe:/a:freetype:freetype:2.3.5", "cpe:/a:freetype:freetype:2.3.10", "cpe:/a:freetype:freetype:2.3.11", "cpe:/a:freetype:freetype:2.2", "cpe:/a:freetype:freetype:2.1.6", "cpe:/a:freetype:freetype:2.3.6", "cpe:/a:freetype:freetype:2.1.8", "cpe:/a:freetype:freetype:2.1.5", "cpe:/a:freetype:freetype:2.3.3", "cpe:/a:freetype:freetype:2.3.9", "cpe:/a:freetype:freetype:2.1.10", "cpe:/a:freetype:freetype:2.3.2", "cpe:/a:freetype:freetype:2.1.8_rc1", "cpe:/a:freetype:freetype:2.3.1", "cpe:/a:freetype:freetype:2.3.0", "cpe:/a:freetype:freetype:1.3.1", "cpe:/a:freetype:freetype:2.1.3", "cpe:/a:freetype:freetype:2.3.8", "cpe:/a:freetype:freetype:2.2.10", "cpe:/a:freetype:freetype:2.1.7", "cpe:/a:freetype:freetype:2.3.12"], "id": "CVE-2010-2527", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-15T11:58:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "description": "Check for the Version of freetype", "modified": "2017-12-15T00:00:00", "published": "2010-08-20T00:00:00", "id": "OPENVAS:880403", "href": "http://plugins.openvas.org/nasl.php?oid=880403", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0577 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0577 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\");\n script_id(880403);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0577\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0577 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~15.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:04:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "description": "Check for the Version of freetype", "modified": "2018-01-19T00:00:00", "published": "2010-08-02T00:00:00", "id": "OPENVAS:1361412562310870301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870301", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0577-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0577-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00025.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870301\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0577-01\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0577-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "description": "Check for the Version of freetype", "modified": "2017-12-21T00:00:00", "published": "2010-08-02T00:00:00", "id": "OPENVAS:870301", "href": "http://plugins.openvas.org/nasl.php?oid=870301", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0577-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0577-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00025.html\");\n script_id(870301);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0577-01\");\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0577-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~15.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:05:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "description": "Check for the Version of freetype", "modified": "2018-01-22T00:00:00", "published": "2010-08-02T00:00:00", "id": "OPENVAS:1361412562310870300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870300", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0578-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870300\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880576", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880576\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"freetype on CentOS 5\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n\n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n\n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n\n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n\n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "description": "Check for the Version of freetype", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880576", "href": "http://plugins.openvas.org/nasl.php?oid=880576", "type": "openvas", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_id(880576);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "description": "Check for the Version of freetype", "modified": "2017-12-22T00:00:00", "published": "2010-08-02T00:00:00", "id": "OPENVAS:870300", "href": "http://plugins.openvas.org/nasl.php?oid=870300", "type": "openvas", "title": "RedHat Update for freetype RHSA-2010:0578-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_id(870300);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "description": "Oracle Linux Local Security Checks ELSA-2010-0578", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122337", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0578", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0578.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122337\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:02 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0578\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0578\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0578.html\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-23T13:05:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-963-1", "modified": "2018-01-23T00:00:00", "published": "2010-07-23T00:00:00", "id": "OPENVAS:1361412562310840461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840461", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-963-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_963_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n#\n# Ubuntu Update for freetype vulnerabilities USN-963-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Święcki discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could execute arbitrary code with user\n privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-963-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-963-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840461\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"963-1\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-963-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-963-1", "modified": "2017-12-01T00:00:00", "published": "2010-07-23T00:00:00", "id": "OPENVAS:840461", "href": "http://plugins.openvas.org/nasl.php?oid=840461", "type": "openvas", "title": "Ubuntu Update for freetype vulnerabilities USN-963-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_963_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for freetype vulnerabilities USN-963-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Robert Święcki discovered that FreeType did not correctly handle certain\n malformed font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could execute arbitrary code with user\n privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-963-1\";\ntag_affected = \"freetype vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-963-1/\");\n script_id(840461);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"963-1\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_name(\"Ubuntu Update for freetype vulnerabilities USN-963-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.1.10-1ubuntu2.7\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.11-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.9-4ubuntu0.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6-udeb\", ver:\"2.3.5-1ubuntu4.8.04.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-06T09:26:30", "description": "Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 26, "published": "2010-08-17T00:00:00", "title": "CentOS 3 : freetype (CESA-2010:0577)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2010-08-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype-utils", "p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/48343", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0577 and \n# CentOS Errata and Security Advisory 2010:0577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48343);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"CentOS 3 : freetype (CESA-2010:0577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?122b5a41\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016921.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a85b27d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-demos-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"freetype-utils-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:59", "description": "FreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nWe would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : freetype on SL3", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100730_FREETYPE_ON_SL3.NASL", "href": "https://www.tenable.com/plugins/nessus/60826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60826);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL3\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"FreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nWe would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=77\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?627cc76b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:08:05", "description": "Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 27, "published": "2010-08-02T00:00:00", "title": "RHEL 3 : freetype (RHSA-2010:0577)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2010-08-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/48211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0577. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48211);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"RHEL 3 : freetype (RHSA-2010:0577)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0577\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype and / or freetype-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0577\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-2.1.4-15.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:45:14", "description": "From Red Hat Security Advisory 2010:0577 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 : freetype (ELSA-2010-0577)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype-devel", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:freetype"], "id": "ORACLELINUX_ELSA-2010-0577.NASL", "href": "https://www.tenable.com/plugins/nessus/68074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0577 and \n# Oracle Linux Security Advisory ELSA-2010-0577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68074);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2500\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(41663, 60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0577\");\n\n script_name(english:\"Oracle Linux 3 : freetype (ELSA-2010-0577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0577 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001574.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-15.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:26:31", "description": "Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 26, "published": "2010-08-03T00:00:00", "title": "CentOS 4 / 5 : freetype (CESA-2010:0578)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2010-08-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype-utils", "p-cpe:/a:centos:centos:freetype", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:freetype-demos", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:freetype-devel"], "id": "CENTOS_RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/48217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# CentOS Errata and Security Advisory 2010:0578 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48217);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"CentOS 4 / 5 : freetype (CESA-2010:0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016854.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9d2110d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb8b8ddf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016884.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b78c705f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016885.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fecd5c92\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:45:14", "description": "From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:freetype-utils", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:freetype"], "id": "ORACLELINUX_ELSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/68075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# Oracle Linux Security Advisory ELSA-2010-0578 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68075);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001572.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001573.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:08:05", "description": "Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 27, "published": "2010-08-02T00:00:00", "title": "RHEL 4 / 5 : freetype (RHSA-2010:0578)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2010-08-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-utils", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/nessus/48212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48212);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"RHEL 4 / 5 : freetype (RHSA-2010:0578)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0578\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0578\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:59", "description": "An invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\nFile List", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : freetype for SL4 , SL5", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100730_FREETYPE_FOR_SL4.NASL", "href": "https://www.tenable.com/plugins/nessus/60825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60825);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n\n script_name(english:\"Scientific Linux Security Update : freetype for SL4 , SL5\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\nFile List\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=3474\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ba5fda\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-debuginfo-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-debuginfo-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:57:36", "description": "Robert Swiecki discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could execute arbitrary\ncode with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-21T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "p-cpe:/a:canonical:ubuntu_linux:freetype2-demos", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-963-1.NASL", "href": "https://www.tenable.com/plugins/nessus/47778", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-963-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47778);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_bugtraq_id(41663, 60750);\n script_xref(name:\"USN\", value:\"963-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Swiecki discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could execute arbitrary\ncode with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/963-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype2-demos, libfreetype6 and / or\nlibfreetype6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"freetype2-demos\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6-dev\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-demos / libfreetype6 / libfreetype6-dev\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:08", "description": " - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-10-20T00:00:00", "title": "Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-2499", "CVE-2010-2541"], "modified": "2010-10-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:freetype"], "id": "FEDORA_2010-15705.NASL", "href": "https://www.tenable.com/plugins/nessus/50026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15705.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50026);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1797\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\", \"CVE-2010-2541\", \"CVE-2010-2805\", \"CVE-2010-2806\", \"CVE-2010-2808\", \"CVE-2010-3311\");\n script_bugtraq_id(41663, 42241, 42285, 43700);\n script_xref(name:\"FEDORA\", value:\"2010-15705\");\n\n script_name(english:\"Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-6\n\n - Add freetype-2.3.11-CVE-2010-2805.patch (Fix\n comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against\n negative string_size. Fix comparison.)\n\n - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total\n length of collected POST segments.)\n\n - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek\n behind end of stream.)\n\n - Resolves: #638522\n\n - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-5\n\n - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack\n after execution of operations too. Skip the\n evaluations of the values in decoder, if\n cff_decoder_parse_charstrings() returns any error.)\n\n - Resolves: #621627\n\n - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com>\n 2.3.11-4\n\n - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that\n `end_point' is not larger than `glyph->num_points')\n\n - Add freetype-2.3.11-CVE-2010-2499.patch (Check the\n buffer size during gathering PFB fragments)\n\n - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller\n threshold values for `width' and `height')\n\n - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen'\n the length of fragment declared in the POST fragment\n header)\n\n - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds\n check)\n\n - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision\n for `%s' where appropriate to avoid buffer overflows)\n\n - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow\n when dealing with names of axes)\n\n - Resolves: #613299\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=613198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=614557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=617342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=621980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=623625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b04ead5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"freetype-2.3.11-6.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:28:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0577\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028958.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028959.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0577.html", "edition": 5, "modified": "2010-08-16T21:21:24", "published": "2010-08-16T21:19:51", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/028958.html", "id": "CESA-2010:0577", "title": "freetype security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:03", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0578\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028892.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028893.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028922.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/028923.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0578.html", "edition": 5, "modified": "2010-08-06T23:26:41", "published": "2010-08-03T00:36:19", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/028892.html", "id": "CESA-2010:0578", "title": "freetype security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2541"], "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2018-05-26T04:26:18", "published": "2010-07-30T04:00:00", "id": "RHSA-2010:0577", "href": "https://access.redhat.com/errata/RHSA-2010:0577", "type": "redhat", "title": "(RHSA-2010:0577) Important: freetype security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:02", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2527", "CVE-2010-2541"], "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2017-09-08T11:50:38", "published": "2010-07-30T04:00:00", "id": "RHSA-2010:0578", "href": "https://access.redhat.com/errata/RHSA-2010:0578", "type": "redhat", "title": "(RHSA-2010:0578) Important: freetype security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0758", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0428", "CVE-2010-0429", "CVE-2010-0431", "CVE-2010-0435", "CVE-2010-1084", "CVE-2010-1797", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2244", "CVE-2010-2248", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2784", "CVE-2010-2811"], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not\nvalidate all pointers provided from a guest system's QXL graphics card\ndriver. A privileged guest user could use this flaw to cause the host to\ndereference an invalid pointer, causing the guest to crash (denial of\nservice) or, possibly, resulting in the privileged guest user escalating\ntheir privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be\nforced to perform certain memory management operations on memory addresses\ncontrolled by a guest. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges on\nthe host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor with the\nIntel VT-x extension enabled. A privileged guest user could use this flaw\nto trick the host into emulating a certain instruction, which could crash\nthe host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for avahi issues\nCVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797,\nCVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527,\nand CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066,\nCVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and\nCVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs. Documentation for\nthese bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes from the KVM update RHSA-2010:0627 have been included in this update.\nAlso included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\n", "modified": "2019-03-22T23:44:57", "published": "2010-08-19T04:00:00", "id": "RHSA-2010:0622", "href": "https://access.redhat.com/errata/RHSA-2010:0622", "type": "redhat", "title": "(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:48", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527"], "description": "[2.1.4-15.el3]\n- Add freetype-2.1.4-axis-name-overflow.patch\n (Avoid overflow when dealing with names of axes)\n- Resolves: #614014\n[2.1.4-14.el3]\n- Add freetype-2.1.4-CVE-2010-2527.patch\n (Use precision for '%s' where appropriate to avoid buffer overflows)\n- Resolves: #614014\n[2.1.4-13.el3]\n- Add freetype-2.1.4-CVE-2010-2500.patch\n (Use smaller threshold values for 'width' and 'height')\n- Resolves: #614014", "edition": 4, "modified": "2010-07-30T00:00:00", "published": "2010-07-30T00:00:00", "id": "ELSA-2010-0577", "href": "http://linux.oracle.com/errata/ELSA-2010-0577.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2541"], "description": "[2.2.1-25]\n- Add freetype-2.2.1-axis-name-overflow.patch\n (Avoid overflow when dealing with names of axes)\n- Resolves: #614012\n[2.2.1-24]\n- Modify freetype-2.2.1-CVE-2010-2519.patch (additional fix)\n (If the type of the POST fragment is 0, the segment is completely ignored)\n- Resolves: #614012\n[2.2.1-23]\n- Add freetype-2.2.1-CVE-2010-2527.patch\n (Use precision for '%s' where appropriate to avoid buffer overflows)\n- Resolves: #614012\n[2.2.1-22]\n- Add freetype-2.2.1-CVE-2010-2498.patch\n (Assure that 'end_point' is not larger than 'glyph->num_points')\n- Add freetype-2.2.1-CVE-2010-2499.patch\n (Check the buffer size during gathering PFB fragments)\n- Add freetype-2.2.1-CVE-2010-2500.patch\n (Use smaller threshold values for 'width' and 'height')\n- Add freetype-2.2.1-CVE-2010-2519.patch\n (Check 'rlen' the length of fragment declared in the POST fragment header)\n- Resolves: #614012 ", "edition": 4, "modified": "2010-07-30T00:00:00", "published": "2010-07-30T00:00:00", "id": "ELSA-2010-0578", "href": "http://linux.oracle.com/errata/ELSA-2010-0578.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-08T23:33:11", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499"], "description": "Robert \u015awi\u0119cki discovered that FreeType did not correctly handle certain \nmalformed font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could execute arbitrary code with user \nprivileges.", "edition": 5, "modified": "2010-07-20T00:00:00", "published": "2010-07-20T00:00:00", "id": "USN-963-1", "href": "https://ubuntu.com/security/notices/USN-963-1", "title": "FreeType vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T23:33:30", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-1797", "CVE-2010-2541"], "description": "It was discovered that FreeType did not correctly handle certain malformed \nfont files. If a user were tricked into using a specially crafted font \nfile, a remote attacker could cause FreeType to crash or possibly execute \narbitrary code with user privileges.", "edition": 5, "modified": "2010-08-17T00:00:00", "published": "2010-08-17T00:00:00", "id": "USN-972-1", "href": "https://ubuntu.com/security/notices/USN-972-1", "title": "FreeType vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2010-10-19T07:23:19", "published": "2010-10-19T07:23:19", "id": "FEDORA:0DCDA110ECC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: freetype-2.3.11-6.fc13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2010-11-01T20:53:44", "published": "2010-11-01T20:53:44", "id": "FEDORA:33CDB110894", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: freetype-2.3.11-6.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311", "CVE-2010-3855"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2010-11-21T21:56:42", "published": "2010-11-21T21:56:42", "id": "FEDORA:CAB2111090C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: freetype-2.3.11-7.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311", "CVE-2010-3855"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2010-11-21T21:52:29", "published": "2010-11-21T21:52:29", "id": "FEDORA:3F648110911", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: freetype-2.3.11-7.fc13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:21:25", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2070-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 14, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : freetype\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527\n\nRobert Swiecki discovered several vulnerabilities in the FreeType font \nlibrary, which could lead to the execution of arbitrary code if a\nmalformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo programs.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.0-1.\n\nWe recommend that you upgrade your freetype packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc\n Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz\n Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb\n Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb\n Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb\n Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb\n Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb\n Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb\n Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb\n Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb\n Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb\n Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb\n Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb\n Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb\n Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2010-07-14T20:05:08", "published": "2010-07-14T20:05:08", "id": "DEBIAN:DSA-2070-1:50712", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00115.html", "title": "[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:12:59", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-1797", "CVE-2010-2541"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2105-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nSeptember 07, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : freetype\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806\n CVE-2010-2807 CVE-2010-2808 CVE-2010-3053\n\n\nSeveral vulnerabilities have been discovered in the FreeType font \nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2010-1797\n\n Multiple stack-based buffer overflows in the \n cff_decoder_parse_charstrings function in the CFF Type2 CharStrings\n interpreter in cff/cffgload.c in FreeType allow remote attackers to\n execute arbitrary code or cause a denial of service (memory\n corruption) via crafted CFF opcodes in embedded fonts in a PDF\n document, as demonstrated by JailbreakMe.\n\nCVE-2010-2541\n\n Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted font file.\n\nCVE-2010-2805\n\n The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does\n not properly validate certain position values, which allows remote\n attackers to cause a denial of service (application crash) or\n possibly execute arbitrary code via a crafted font file\n\nCVE-2010-2806\n\n Array index error in the t42_parse_sfnts function in\n type42/t42parse.c in FreeType allows remote attackers to cause a\n denial of service (application crash) or possibly execute arbitrary\n code via negative size values for certain strings in FontType42 font\n files, leading to a heap-based buffer overflow.\n\nCVE-2010-2807\n\n FreeType uses incorrect integer data types during bounds checking,\n which allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted\n font file.\n\nCVE-2010-2808\n\n Buffer overflow in the Mac_Read_POST_Resource function in\n base/ftobjs.c in FreeType allows remote attackers to cause a denial\n of service (memory corruption and application crash) or possibly\n execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka\n LWFN) font.\n\nCVE-2010-3053\n\n bdf/bdflib.c in FreeType allows remote attackers to cause a denial of\n service (application crash) via a crafted BDF font file, related to\n an attempted modification of a value in a static string.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny3\n\nFor the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 2.4.2-1\n\n\nWe recommend that you upgrade your freetype package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz\n Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc\n Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb\n Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb\n Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb\n Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb\n Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb\n Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb\n Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb\n Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb\n Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb\n Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb\n Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb\n Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2010-09-07T20:39:45", "published": "2010-09-07T20:39:45", "id": "DEBIAN:DSA-2105-1:33FFA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00152.html", "title": "[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2070-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 14, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : freetype\r\nVulnerability : several\r\nProblem type : local(remote)\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527\r\n\r\nRobert Swiecki discovered several vulnerabilities in the FreeType font \r\nlibrary, which could lead to the execution of arbitrary code if a\r\nmalformed font file is processed.\r\n\r\nAlso, several buffer overflows were found in the included demo programs.\r\n\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 2.3.7-2+lenny2.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 2.4.0-1.\r\n\r\nWe recommend that you upgrade your freetype packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc\r\n Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\r\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz\r\n Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb\r\n Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb\r\n Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb\r\n Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb\r\n Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb\r\n Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb\r\n Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb\r\n Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb\r\n Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb\r\n Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb\r\n Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb\r\n Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb\r\n Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb\r\n Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb\r\n Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb\r\n Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb\r\n Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb\r\n Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb\r\n Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb\r\n Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb\r\n Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb\r\n Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb\r\n Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb\r\n Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb\r\n Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb\r\n Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb\r\n Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb\r\n Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb\r\n Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb\r\n Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb\r\n Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb\r\n Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb\r\n Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb\r\n Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb\r\n Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb\r\n Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb\r\n Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb\r\n Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb\r\n Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb\r\n Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb\r\n Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb\r\n Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb\r\n Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb\r\n Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb\r\n Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb\r\n Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb\r\n Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb\r\n Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb\r\n Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkw+GCUACgkQXm3vHE4uylrkywCgy9GpS2XDmy5Y+pj3JOVAwpFs\r\nmWwAn1lQsDqPntOyBssbJ901IHmL8FW/\r\n=Y+AX\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-07-16T00:00:00", "published": "2010-07-16T00:00:00", "id": "SECURITYVULNS:DOC:24241", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24241", "title": "[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-2500", "CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2497", "CVE-2010-2541", "CVE-2010-3814", "CVE-2011-3439"], "description": "Memory corruptions on fonts parsing.", "edition": 1, "modified": "2011-11-27T00:00:00", "published": "2011-11-27T00:00:00", "id": "SECURITYVULNS:VULN:11001", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11001", "title": "freetype library multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-1797", "CVE-2010-2541"], "description": "===========================================================\r\nUbuntu Security Notice USN-972-1 August 17, 2010\r\nfreetype vulnerabilities\r\nCVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806,\r\nCVE-2010-2807, CVE-2010-2808\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libfreetype6 2.1.10-1ubuntu2.8\r\n\r\nUbuntu 8.04 LTS:\r\n libfreetype6 2.3.5-1ubuntu4.8.04.4\r\n\r\nUbuntu 9.04:\r\n libfreetype6 2.3.9-4ubuntu0.3\r\n\r\nUbuntu 9.10:\r\n libfreetype6 2.3.9-5ubuntu0.2\r\n\r\nUbuntu 10.04 LTS:\r\n libfreetype6 2.3.11-1ubuntu2.2\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that FreeType did not correctly handle certain malformed\r\nfont files. If a user were tricked into using a specially crafted font\r\nfile, a remote attacker could cause FreeType to crash or possibly execute\r\narbitrary code with user privileges.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.diff.gz\r\n Size/MD5: 70961 d986f14b69d50fe1884e8dd5f9386731\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.dsc\r\n Size/MD5: 719 a91985ecc92b75aa3f3647506bad4039\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz\r\n Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb\r\n Size/MD5: 717794 f332d5b1974aa53f200e4e6ecf9df088\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_amd64.deb\r\n Size/MD5: 440974 afa83868cc67cec692f72a9dc93635ff\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb\r\n Size/MD5: 133902 dca56851436275285b4563c96388a070\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb\r\n Size/MD5: 251958 358627e207009dbe0c5be095e7bed18d\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb\r\n Size/MD5: 677592 ee43f5e97f31b8da57582dbdb1e63033\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_i386.deb\r\n Size/MD5: 416328 ef092c08ba2c167af0da25ab743ea663\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_i386.deb\r\n Size/MD5: 117302 b2633ed4487657fe349fd3de76fce405\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb\r\n Size/MD5: 227436 f55ab8a9bb7e76ad743f6c0fa2974e64\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_powerpc.deb\r\n Size/MD5: 708654 ee71c714e62e96a9af4cf7ba909142e6\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_powerpc.deb\r\n Size/MD5: 431036 4f1c6a1e28d3a14b593bef37605119ab\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_powerpc.deb\r\n Size/MD5: 134260 66ba7d95f551eaadb1bba5a56d76529d\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_powerpc.udeb\r\n Size/MD5: 241726 d2c4f13b12c8280b1fad56cdc0965502\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_sparc.deb\r\n Size/MD5: 683964 49df9101deb9a317229351d72b5804ec\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_sparc.deb\r\n Size/MD5: 411982 efaca20d5deec9e51be023710902852b\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_sparc.deb\r\n Size/MD5: 120138 ff723720ed499e40049e3487844b9db3\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_sparc.udeb\r\n Size/MD5: 222676 71f172ba71fc507b04e5337d55b32ed6\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.diff.gz\r\n Size/MD5: 40949 1cc5014da4db8200edb54df32561fcd0\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.dsc\r\n Size/MD5: 907 7f698125814f4ca67a01b0a66d9bcfe9\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz\r\n Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_amd64.deb\r\n Size/MD5: 694322 c740e1665d09a0c691163a543c8d650b\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_amd64.deb\r\n Size/MD5: 362386 5b085e83764fcda129bede2c5c4ca179\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_amd64.deb\r\n Size/MD5: 221392 dbebbbaffc086dccf550468fff1daa92\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_amd64.udeb\r\n Size/MD5: 258454 f3903d4e43891753f3c6439cd862617f\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_i386.deb\r\n Size/MD5: 663330 7601af27049730f0f7afcfa30244ae88\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_i386.deb\r\n Size/MD5: 347172 de53a441e28e385598d20333ff636026\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_i386.deb\r\n Size/MD5: 201266 c9c50bdc87d0a46fc43f3bbca26adec5\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_i386.udeb\r\n Size/MD5: 243462 16bb61f604fe48a301f6faeaa094d266\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb\r\n Size/MD5: 665120 bf0dcd13b8a171f6a740ca225d943e68\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb\r\n Size/MD5: 347512 d2beee3ccf7fe0233825d46cc61ca62d\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb\r\n Size/MD5: 205560 7879f630a5356e3d6e9c0609e8008de9\r\n http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb\r\n Size/MD5: 244324 4e10fb5e68a78312eb02c69508120c6a\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_powerpc.deb\r\n Size/MD5: 687156 6d36300396fa84d6f889147b0247f385\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_powerpc.deb\r\n Size/MD5: 358086 06b9874cc9ba11fdb6feb10b0831e890\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_powerpc.deb\r\n Size/MD5: 235578 ce514bab4cbc028a0451742c38c633cd\r\n http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_powerpc.udeb\r\n Size/MD5: 254526 d50f40a9421b52f4302c4d260170edb3\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_sparc.deb\r\n Size/MD5: 658094 184f0f51023baa8ce459fababaa190d9\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_sparc.deb\r\n Size/MD5: 332124 5aa036de5269896c893ea8f825329b84\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_sparc.deb\r\n Size/MD5: 199782 9323f9209333cf42114e97d3305d901c\r\n http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_sparc.udeb\r\n Size/MD5: 227810 7657e99ad137ad5ce654b74cfbbfdc10\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.diff.gz\r\n Size/MD5: 44032 17b27322a6448d40599c55561209c940\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.dsc\r\n Size/MD5: 1311 5124a4df7016a625a631c1ff4661aae9\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz\r\n Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_amd64.deb\r\n Size/MD5: 729408 788a2af765a8356c4a7c01e893695b0b\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_amd64.udeb\r\n Size/MD5: 272950 a1f9a0ad0d036e5a14b073c139ce5408\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_amd64.deb\r\n Size/MD5: 407052 bfd510dc0c46a0f25dd3329693ee66a8\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_amd64.deb\r\n Size/MD5: 226474 9b8e6c521d8629b9b1db2760209460a3\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_i386.deb\r\n Size/MD5: 697818 9176ee8649b8441333d7c5d9359c53a6\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_i386.udeb\r\n Size/MD5: 257896 c26f46491d69a174fa9cad126a3201cf\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_i386.deb\r\n Size/MD5: 392692 648d0605a187b74291b3233e5e4930e3\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_i386.deb\r\n Size/MD5: 198834 0b41da08de5417a7db21e24e730e03d9\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_lpia.deb\r\n Size/MD5: 698682 12c20dd647db986bd87a250d8706e8e8\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_lpia.udeb\r\n Size/MD5: 257736 dee60e4b8a1824d2aa13364ec0f01602\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_lpia.deb\r\n Size/MD5: 392978 e19bcc3c8c0cec76227c64843b01516a\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_lpia.deb\r\n Size/MD5: 201636 a558e986b6c6e878e115126e7d3a28a5\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_powerpc.deb\r\n Size/MD5: 720040 70c8792cddd9cfe45480f8d760dd0163\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_powerpc.udeb\r\n Size/MD5: 265790 b356a500845d045f431db6ef4db4f811\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_powerpc.deb\r\n Size/MD5: 400532 91aa4eea6b8e9b67a721b552caab8468\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_powerpc.deb\r\n Size/MD5: 227834 fa22e303b8d06dfb99a8c3c1f2980061\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_sparc.deb\r\n Size/MD5: 689244 dff22369b1bb07d4ef7c6d9f474149db\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_sparc.udeb\r\n Size/MD5: 238164 cb1e597bd0065d2ffbad763a52088c1d\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_sparc.deb\r\n Size/MD5: 372422 c6f36ae3119f8f17368d796943ba9908\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_sparc.deb\r\n Size/MD5: 201390 c3f108859375787b11190d3c5a1d966b\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.diff.gz\r\n Size/MD5: 43530 f78681f1641b93f34d41ff4d6f31eb71\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.dsc\r\n Size/MD5: 1311 8a9a302e0a62f2dbe2a62aba456e2108\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz\r\n Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_amd64.deb\r\n Size/MD5: 731028 3b5ed0ad073cca0c1eee212b0e12f255\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_amd64.udeb\r\n Size/MD5: 275110 a23822489a0d7d45152f341b86f0df20\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_amd64.deb\r\n Size/MD5: 409362 ba180d650e17df6980ca09b8d1a109e1\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_amd64.deb\r\n Size/MD5: 230774 a0a51691eefc0fb6e94d41c3282c3ab2\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_i386.deb\r\n Size/MD5: 696892 ad2164ed812ccd9cf7829659cff219c7\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_i386.udeb\r\n Size/MD5: 258710 c2d256e87eaee83ab83592247588bee7\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_i386.deb\r\n Size/MD5: 393912 c8d04b785d17066229bab50a3c13e1af\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_i386.deb\r\n Size/MD5: 195702 02aa03f1f62a61383d829b5bf494b7b0\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_lpia.deb\r\n Size/MD5: 699382 ff8200917b43322062d2f3b5f3f6bab8\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_lpia.udeb\r\n Size/MD5: 259348 0395bdbaf357d161d0f1d3b257ae4732\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_lpia.deb\r\n Size/MD5: 394122 8481f2e278a5da28b28ef0fa79207662\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_lpia.deb\r\n Size/MD5: 198546 a3f0a848da83a64d14344b6744b33a90\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_powerpc.deb\r\n Size/MD5: 719762 bd7185c852b151794c27f8c2ead4da94\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_powerpc.udeb\r\n Size/MD5: 264578 58a77cbf2ae4c2a447a81cce72f6b8c5\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_powerpc.deb\r\n Size/MD5: 399118 c943fa66513b862ccb6ac99699c9e33c\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_powerpc.deb\r\n Size/MD5: 203834 842dd94d9b3fad52c0b1b6489775d2ea\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_sparc.deb\r\n Size/MD5: 691054 557de31093ac67c2dedec97e55998295\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_sparc.udeb\r\n Size/MD5: 240534 f3c79ed9e84e7169851de3f432b613c3\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_sparc.deb\r\n Size/MD5: 374982 e84af1b516f050ee9bdb93c213994943\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_sparc.deb\r\n Size/MD5: 195786 599978c8d9cff2525eba228c793833c3\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.diff.gz\r\n Size/MD5: 41646 9b97425327300eda74c492034fed50ad\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.dsc\r\n Size/MD5: 1313 b7b625334a0d9c926bf34cc83dcc904c\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz\r\n Size/MD5: 1709600 5aa22c0bc6aa3815b40a309ead2b9d1b\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_amd64.deb\r\n Size/MD5: 739530 db9147ce9477b7ab22374f89d24b24ca\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_amd64.udeb\r\n Size/MD5: 277536 35fc46f3c281aee82eeed4e00cfdacdc\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_amd64.deb\r\n Size/MD5: 434932 1bf8e620c3008504b87354470e7be9a5\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_amd64.deb\r\n Size/MD5: 221434 4b4fcbd633bf1b3c2151617adae44835\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_i386.deb\r\n Size/MD5: 704694 f58601afde2b4bc257492762654cbf94\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_i386.udeb\r\n Size/MD5: 260916 a540a7f9ae973bce66bbd3fdb9a4f849\r\n http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_i386.deb\r\n Size/MD5: 419000 d4a78ce7ae146caa59b61f43b27d363c\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_i386.deb\r\n Size/MD5: 188710 e94b4202fcfe184fdf81409fe610a42a\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_powerpc.deb\r\n Size/MD5: 728090 5f2e98a54cb2a0ac03591c387aacf461\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_powerpc.udeb\r\n Size/MD5: 266750 66bf2b146ab219d1b78e1887d0053f2a\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_powerpc.deb\r\n Size/MD5: 424614 fd964644b45bbbc79729c9609c4b6bb8\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_powerpc.deb\r\n Size/MD5: 196686 b88a8cebff19c95b6c9c161f7d1bb472\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_sparc.deb\r\n Size/MD5: 707164 bf26d7cb1aa3f759ca31510f92888053\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_sparc.udeb\r\n Size/MD5: 250768 100b4d4b270421fb1dcb503c88b547e8\r\n http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_sparc.deb\r\n Size/MD5: 408132 b009cd0f1aafa500f8cc16273e9f2ed9\r\n http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_sparc.deb\r\n Size/MD5: 198302 504ec3da9ee2048391e2c4035d7149fc\r\n\r\n\r\n", "edition": 1, "modified": "2010-08-19T00:00:00", "published": "2010-08-19T00:00:00", "id": "SECURITYVULNS:DOC:24546", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24546", "title": "[USN-972-1] FreeType vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178"], "description": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007\r\n\r\n * Last Modified: November 12, 2010\r\n * Article: HT4435\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security, Security Update 2010-007, Mac OS X v10.6.\r\nMac OS X v10.6.5 and Security Update 2010-007\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1828\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause AFP Server to unexpectedly shutdown\r\n\r\n Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1829\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An authenticated user may cause arbitrary code execution\r\n\r\n Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1830\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may determine the existence of an AFP share\r\n\r\n Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.\r\n\r\n *\r\n\r\n Apache mod_perl\r\n\r\n CVE-ID: CVE-2009-0796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause cross-site scripting against the web server\r\n\r\n Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2010-0408, CVE-2010-0434\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.14\r\n\r\n Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n AppKit\r\n\r\n CVE-ID: CVE-2010-1842\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1831\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1832\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1833\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-4010\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1752\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1834\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites\r\n\r\n Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue by through improved validation of domains specified in cookies.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2010-1836\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.\r\n\r\n *\r\n\r\n CoreText\r\n\r\n CVE-ID: CVE-2010-1837\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2010-2941\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1838\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local attacker may bypass the password validation and log in to a mobile account\r\n\r\n Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1840\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.\r\n\r\n *\r\n\r\n diskdev_cmds\r\n\r\n CVE-ID: CVE-2010-0105\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may be able to prevent the system from starting properly\r\n\r\n Description: An implementation issue exists fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2010-1841\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2010-0001\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2009-2624\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n Image Capture\r\n\r\n CVE-ID: CVE-2010-1844\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown\r\n\r\n Description: A unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1845\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1811\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-2249, CVE-2010-1205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng\r\n\r\n Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2010-1846\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2010-1847\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n MySQL\r\n\r\n CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.88\r\n\r\n Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\r\n\r\n *\r\n\r\n neon\r\n\r\n CVE-ID: CVE-2009-2473, CVE-2009-2474\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in neon 0.28.3\r\n\r\n Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2010-1843\r\n\r\n Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0211\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0212\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service\r\n\r\n Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2010-1378\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote user may bypass TLS authentication or spoof a trusted server\r\n\r\n Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.\r\n\r\n *\r\n\r\n Password Server\r\n\r\n CVE-ID: CVE-2010-3783\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may be able to log in with an outdated password\r\n\r\n Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.2\r\n\r\n Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.12\r\n\r\n Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n Printing\r\n\r\n CVE-ID: CVE-2010-3784\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination\r\n\r\n Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.\r\n\r\n *\r\n\r\n python\r\n\r\n CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n Description: Multiple integer overflows exists in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3785\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3786\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3787\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3788\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3789\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue is in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3790\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3791\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3792\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3793\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3794\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3795\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An unitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n Safari RSS\r\n\r\n CVE-ID: CVE-2010-3796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information\r\n\r\n Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Time Machine\r\n\r\n CVE-ID: CVE-2010-1803\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may access a user's Time Machine information\r\n\r\n Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n Wiki Server\r\n\r\n CVE-ID: CVE-2010-3797\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A user who can edit wiki pages may obtain the credentials of other users\r\n\r\n Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.41\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in FreeType 2.3.9\r\n\r\n Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n *\r\n\r\n xar\r\n\r\n CVE-ID: CVE-2010-3798\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.\r\n\r\n", "edition": 1, "modified": "2010-11-18T00:00:00", "published": "2010-11-18T00:00:00", "id": "SECURITYVULNS:DOC:25153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25153", "title": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "n0where": [{"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "tools", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "description": "Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ** ptrace() API ** / ** POSIX signal interface ** to detect and log crashes. \n\n\n\n## Features \n\n * ** Easy setup ** : No complicated configuration files or setup necessary \u2014 Hongfuzz can be run directly from the command line. \n * ** Fast ** : Multiple Hongfuzz instances can be run simultaneously for more efficient fuzzing. \n * ** Powerful analysis capabilities ** : Hongfuzz will use the most powerful process state analysis (e.g. ptrace) interface under a given OS. \n\n## Requirements \n\n * A POSIX compilant operating system \n * (under Linux) \u2013 BFD library (libbfd-dev) and LibUnwind (libunwind-dev/libunwind8-dev) \n * (under FreeBSD) \u2013 gmake \n * The [ capstone ](<https://github.com/google/honggfuzz/blob/master/docs/capstone.md>) library (wth x86/amd64 Linux boxes) \n * A corpus of input files. Honggfuzz expects a set of files to use and modify as input to the application you\u2019re fuzzing. How you get or create these files is up to you, but you might be interested in the following sources: \n * Image formats: Tavis Ormandy\u2019s [ Image Testuite ](<http://code.google.com/p/imagetestsuite/>) has been effective at finding vulnerabilities in various graphics libraries. \n * PDF: Adobe provides some [ test PDF files ](<http://acroeng.adobe.com/>) . \n\n## Description \n\n * A general-purpose, easy-to-use fuzzer with interesting analysis options. \n * Supports hardware-based [ feedback-driven fuzzing ](<https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md>) (requires Linux and a supported CPU model) \n * It works, at least, under GNU/Linux and FreeBSD (possibly under Mac OS X as well) \n * [ Can fuzz long-lasting processes ](<https://github.com/google/honggfuzz/blob/master/docs/AttachingToPid.md>) (e.g. network servers like Apache\u2019s httpd and ISC\u2019s bind) \n * It\u2019s been used to find a few interesting security problems in major software; examples: \n * FreeType 2 project: [ CVE-2010-2497 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2497>) , [ CVE-2010-2498 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2498>) , [ CVE-2010-2499 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2499>) , [ CVE-2010-2500 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2500>) , [ CVE-2010-2519 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519>) , [ CVE-2010-2520 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520>) , [ CVE-2010-2527 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527>)\n * [ Multiple bugs in the libtiff library ](<http://bugzilla.maptools.org/buglist.cgi?query_format=advanced;emailreporter1=1;email1=robert@swiecki.net;product=libtiff;emailtype1=substring>)\n * [ Multiple bugs in the librsvg library ](<https://bugzilla.gnome.org/buglist.cgi?query_format=advanced;emailreporter1=1;email1=robert%40swiecki.net;product=librsvg;emailtype1=substring>)\n * [ Multiple bugs in the poppler library ](<http://lists.freedesktop.org/archives/poppler/2010-November/006726.html>)\n * [ Multiple exploitable bugs in IDA-Pro ](<https://www.hex-rays.com/bugbounty.shtml>)\n\nThis is NOT an official Google product. \n\n## Compatibility list \n\nIt should work under the following operating systems: \n\n** OS ** | ** Status ** | ** Notes ** \n---|---|--- \n** GNU/Linux ** | Works | ptrace() API (x86, x86-64 disassembly support) \n** FreeBSD ** | Works | POSIX signal interface \n** Mac OS X ** | Works | POSIX signal interface/Mac OS X crash reports (x86-64/x86 disassembly support) \n** MS Windows ** | Doesn\u2019t work | The POSIX signal implementation provided by the Cygwin project is not sufficient \n** Other Unices ** | Depends ` * ` | POSIX signal interface \n \n_ ` * ` ) It might work provided that a given operating system implements ** wait3() ** call _\n\n## Usage \n \n \n $ ./honggfuzz \r\n honggfuzz version 0.3 Robert Swiecki <swiecki@google.com>, Copyright 2010 by Google Inc. All Rights Reserved.\r\n <-f val>: input file (or input dir)\r\n [-h]: this help\r\n [-q]: null-ify children's stdin, stdout, stderr; make them quiet\r\n [-s]: standard input fuzz, instead of providing a file argument\r\n [-u]: save unique test-cases only, otherwise (if not used) append\r\n current timestamp to the output filenames\r\n [-d val]: debug level (0 - FATAL ... 4 - DEBUG), default: '3' (INFO)\r\n [-e val]: file extension (e.g swf), default: 'fuzz'\r\n [-r val]: flip rate, default: '0.001'\r\n [-m val]: flip mode (-mB - byte, -mb - bit), default: '-mB'\r\n [-c val]: command modifying input files externally (instead of -r/-m)\r\n [-t val]: timeout (in secs), default: '3' (0 - no timeout)\r\n [-a val]: address limit (from si.si_addr) below which crashes\r\n are not reported, default: '0' (suggested: 65535)\r\n [-n val]: number of concurrent fuzzing processes, default: '5'\r\n [-l val]: per process memory limit in MiB, default: '0' (no limit)\r\n [-p val]: attach to a pid (a group thread), instead of monitoring\r\n previously created process, default: '0' (none) (ptrace only)\r\n usage: honggfuzz -f input_dir -- /usr/bin/tiffinfo -D ___FILE___\r\n \n\nHonggfuzz offers simple file mutation algorithm only (bits/bytes). This [ document ](<https://github.com/google/honggfuzz/blob/master/docs/ExternalFuzzerUsage.md>) explains how to use an external command to create fuzzing input. \n\n## Output Files \n\n** Mode ** | ** Output file ** \n---|--- \nUnique mode ( ** -u ** ) | ** SIGSEGV.PC.0x7ffff78c8f70.CODE.1.ADDR.0x6c9000.INSTR.mov ` _ ` ` [ ` rdi+0x10 ` ] ` , ` _ ` [ r9 ](<https://code.google.com/p/honggfuzz/source/detail?r=9>) .ttf ** \nNon-unique mode | ** SIGSEGV.PC.0x8056ad7.CODE.1.ADDR.0x30333037.INSTR.movsx_eax, ` _ ` ` [ ` eax ` ] ` .TIME.2010-06-07.02.25.04.PID.10097.ttf ** \nPOSIX signal interface | ** SIGSEGV.22758.2010-07-01.17.24.41.tif ** \n \n## [ ](<https://github.com/google/honggfuzz/blob/master/docs/USAGE.md#description>) Description \n\n * ** SIGSEGV ** , ** SIGILL ** , ** SIGBUS ** , ** SIGABRT ** , ** SIGFPE ** \u2013 Description of the signal which terminated the process (when using ptrace() API, it\u2019s a signal which was delivered to the process, even if silently discarded) \n * ** PC.0x8056ad7 ** \u2013 Program Counter (PC) value (ptrace() API only), for x86 it\u2019s a value of the EIP register (RIP for x86-64) \n * ** CODE.1 ** \u2013 Value of the _ siginfo` _ ` t.si ` _ `code _ field (see _ man 2 signaction _ for more details), valid for some signals (e.g. SIGSEGV) only \n * ** ADDR.0x30333037 ** \u2013 Value of the _ siginfo` _ ` t.si ` _ `addr _ (see _ man 2 signaction _ for more details) (most likely meaningless for SIGABRT) \n * ** INSTR.movsx_eax, ` _ ` ` [ ` eax ` ] ` ** \u2013 Disassembled instruction which was found under the last known PC (Program Counter) (x86, x86-64 architectures only, meaningless for SIGABRT) \n * ** TIME.2010-06-07.02.25.04 ** \u2013 Local time when the signal was delivered \n * ** PID.10097 ** \u2013 Fuzzing process\u2019 id (PID) (See [ AttachingToPid ](<https://github.com/google/honggfuzz/blob/master/docs/AttachingToPid.md>) for more) \n\n[  ](<https://github.com/google/honggfuzz>)\n", "edition": 4, "modified": "2015-06-05T15:50:13", "published": "2015-06-05T15:50:13", "id": "N0WHERE:31614", "href": "https://n0where.net/general-purpose-fuzzing-honggfuzz", "title": "General Purpose Fuzzing: Honggfuzz", "type": "n0where", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2807", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2805", "CVE-2011-3256", "CVE-2010-2806", "CVE-2010-3311", "CVE-2010-3054", "CVE-2010-2519", "CVE-2011-0226", "CVE-2010-2498", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2497", "CVE-2010-2541", "CVE-2010-3814", "CVE-2011-3439"], "edition": 1, "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.4.8\"", "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "GLSA-201201-09", "href": "https://security.gentoo.org/glsa/201201-09", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:43:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2010-3053", "CVE-2012-1126", "CVE-2010-2527", "CVE-2012-1141", "CVE-2010-2520", "CVE-2012-1130", "CVE-2010-2805", "CVE-2011-3256", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2010-3311", "CVE-2012-1139", "CVE-2010-3054", "CVE-2010-2519", "CVE-2012-1132", "CVE-2010-2498", "CVE-2012-1142", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2497", "CVE-2010-2541", "CVE-2012-1129", "CVE-2010-3814", "CVE-2011-2895", "CVE-2012-1143", "CVE-2011-3439", "CVE-2012-1137"], "edition": 1, "description": "Specially crafted font files could have caused buffer\n overflows in freetype, which could have been exploited for\n remote code execution.\n", "modified": "2012-04-23T18:08:18", "published": "2012-04-23T18:08:18", "id": "SUSE-SU-2012:0553-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00020.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
