ID: OPENVAS:71269
Type: openvas
Reporter: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
Modified: 2017-04-10T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID 380e8c56-8e32-11e1-9580-4061862b8c22
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID 380e8c56-8e32-11e1-9580-4061862b8c22
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The following packages are affected:
firefox
linux-firefox
linux-seamonkey
linux-thunderbird
seamonkey
thunderbird
libxul
CVE-2011-1187
Google Chrome before 10.0.648.127 allows remote attackers to bypass
the Same Origin Policy via unspecified vectors, related to an 'error
message leak.'
CVE-2011-3062
Off-by-one error in the OpenType Sanitizer in Google Chrome before
18.0.1025.142 allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted OpenType file.
CVE-2012-0467
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird
5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
before 2.9 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
CVE-2012-0468
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird
5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to
cause a denial of service (assertion failure and memory corruption) or
possibly execute arbitrary code via vectors related to jsval.h and the
js::array_shift function.
CVE-2012-0469
Use-after-free vulnerability in the
mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function
in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,
Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and
SeaMonkey before 2.9 allows remote attackers to execute arbitrary code
via vectors related to crafted IndexedDB data.
CVE-2012-0470
Heap-based buffer overflow in the
nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox
4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0
through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before
2.9 allows remote attackers to cause a denial of service (invalid
gfxImageSurface free operation) or possibly execute arbitrary code by
leveraging the use of 'different number systems.'
CVE-2012-0471
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x
through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through
11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9
allows remote attackers to inject arbitrary web script or HTML via a
multibyte character set.
CVE-2012-0472
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0,
Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,
Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when
certain Windows Vista and Windows 7 configurations are used, does not
properly restrict font-rendering attempts, which allows remote
attackers to cause a denial of service (memory corruption) or possibly
execute arbitrary code via unspecified vectors.
CVE-2012-0473
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x
through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through
11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9
calls the FindMaxElementInSubArray function with incorrect template
arguments, which allows remote attackers to obtain sensitive
information from video memory via a crafted WebGL.drawElements call.
CVE-2012-0474
Cross-site scripting (XSS) vulnerability in the docshell
implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x
before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x
before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to
inject arbitrary web script or HTML via vectors related to
short-circuited page loads, aka 'Universal XSS (UXSS).'
CVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and
SeaMonkey before 2.9 do not properly construct the Origin and
Sec-WebSocket-Origin HTTP headers, which might allow remote attackers
to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or
(2) WebSocket operation involving a nonstandard port number and an
IPv6 address that contains certain zero fields.
CVE-2012-0477
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox
4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0
through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before
2.9 allow remote attackers to inject arbitrary web script or HTML via
the (1) ISO-2022-KR or (2) ISO-2022-CN character set.
CVE-2012-0478
The texImage2D implementation in the WebGL subsystem in Mozilla
Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird
5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which
might allow remote attackers to execute arbitrary code via a crafted
web page.
CVE-2012-0479
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,
Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and
SeaMonkey before 2.9 allow remote attackers to spoof the address bar
via an https URL for invalid (1) RSS or (2) Atom XML content.
CVE-2012-1126
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted property data in a BDF
font.
CVE-2012-1127
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a
BDF font.
CVE-2012-1128
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (NULL pointer dereference and memory corruption) or possibly
execute arbitrary code via a crafted TrueType font.
CVE-2012-1129
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted SFNT string in a Type 42
font.
CVE-2012-1130
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted property data in a PCF
font.
CVE-2012-1131
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, on 64-bit platforms allows remote attackers to
cause a denial of service (invalid heap read operation and memory
corruption) or possibly execute arbitrary code via vectors related to
the cell table of a font.
CVE-2012-1132
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted dictionary data in a Type
1 font.
CVE-2012-1133
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a
BDF font.
CVE-2012-1134
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted private-dictionary data in
a Type 1 font.
CVE-2012-1135
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via vectors involving the NPUSHB and
NPUSHW instructions in a TrueType font.
CVE-2012-1136
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a
BDF font that lacks an ENCODING field.
CVE-2012-1137
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted header in a BDF font.
CVE-2012-1138
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via vectors involving the MIRP
instruction in a TrueType font.
CVE-2012-1139
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox
Mobile before 10.0.4 and other products, allows remote attackers to
cause a denial of service (invalid stack read operation and memory
corruption) or possibly execute arbitrary code via crafted glyph data
in a BDF font.
CVE-2012-1140
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted PostScript font object.
CVE-2012-1141
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted ASCII string in a BDF
font.
CVE-2012-1142
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph-outline data in a
font.
CVE-2012-1143
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (divide-by-zero error) via a crafted font.
CVE-2012-1144
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via a crafted TrueType font.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.
http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
http://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
if(description)
{
  script_id(71269);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2011-1187", "CVE-2011-3062", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0475", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479", "CVE-2012-1126", "CVE-2012-1127", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1130", "CVE-2012-1131", "CVE-2012-1132", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1135", "CVE-2012-1136", "CVE-2012-1137", "CVE-2012-1138", "CVE-2012-1139", "CVE-2012-1140", "CVE-2012-1141", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1144");
  script_version("$Revision: 5912 $");
  script_tag(name:"last_modification", value:"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $");
  script_tag(name:"creation_date", value:"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)");
  script_name("FreeBSD Ports: firefox");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
vuln = 0;
txt = "";
bver = portver(pkg:"firefox");
if(!isnull(bver) && revcomp(a:bver, b:"11.0,1")>0 && revcomp(a:bver, b:"12.0,1")<0) {
  txt += "Package firefox version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4,1")<0) {
  txt += "Package firefox version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
bver = portver(pkg:"linux-firefox");
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4,1")<0) {
  txt += "Package linux-firefox version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
bver = portver(pkg:"linux-seamonkey");
if(!isnull(bver) && revcomp(a:bver, b:"2.9")<0) {
  txt += "Package linux-seamonkey version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
bver = portver(pkg:"linux-thunderbird");
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4")<0) {
  txt += "Package linux-thunderbird version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
bver = portver(pkg:"seamonkey");
if(!isnull(bver) && revcomp(a:bver, b:"2.9")<0) {
  txt += "Package seamonkey version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
bver = portver(pkg:"thunderbird");
if(!isnull(bver) && revcomp(a:bver, b:"11.0")>0 && revcomp(a:bver, b:"12.0")<0) {
  txt += "Package thunderbird version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4")<0) {
  txt += "Package thunderbird version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
bver = portver(pkg:"libxul");
if(!isnull(bver) && revcomp(a:bver, b:"1.9.2")>0 && revcomp(a:bver, b:"10.0.4")<0) {
  txt += "Package libxul version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = 1;
}
if(vuln) {
  security_message(data:string(txt ));
} else if (__pkg_match) {
  exit(99); # Not vulnerable.
}
{"id": "OPENVAS:71269", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: firefox", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2012-04-30T00:00:00", "modified": "2017-04-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=71269", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "lastseen": "2017-07-02T21:10:45", "viewCount": 0, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2017-07-02T21:10:45", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:136141256231071283", "OPENVAS:840959", "OPENVAS:831659", "OPENVAS:1361412562310840991", "OPENVAS:1361412562310850176", "OPENVAS:1361412562310841000", "OPENVAS:1361412562310831659", "OPENVAS:136141256231071314", "OPENVAS:136141256231071269", "OPENVAS:865262"]}, {"type": "freebsd", "idList": ["380E8C56-8E32-11E1-9580-4061862B8C22", "462E2D6C-8017-11E1-A571-BCAEC565249C"]}, {"type": "nessus", "idList": ["SUSE_11_FREETYPE2-120328.NASL", "MACOSX_THUNDERBIRD_12_0.NASL", "MACOSX_FIREFOX_12_0.NASL", "MANDRIVA_MDVSA-2012-057.NASL", "UBUNTU_USN-1403-1.NASL", "GENTOO_GLSA-201204-04.NASL", "UBUNTU_USN-1430-2.NASL", "SOLARIS11_FREETYPE_20141107_2.NASL", 
"FREEBSD_PKG_462E2D6C801711E1A571BCAEC565249C.NASL", "FREEBSD_PKG_380E8C568E3211E195804061862B8C22.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12355"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0484-1", "SUSE-SU-2012:0483-2", "OPENSUSE-SU-2012:0489-1", "SUSE-SU-2012:0521-1", "SUSE-SU-2012:0483-1"]}, {"type": "ubuntu", "idList": ["USN-1430-3", "USN-1403-1", "USN-1430-2", "USN-1430-1"]}, {"type": "gentoo", "idList": ["GLSA-201204-04"]}, {"type": "mozilla", "idList": ["MFSA2012-21"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0515", "ELSA-2012-0516", "ELSA-2012-0467"]}, {"type": "redhat", "idList": ["RHSA-2012:0515", "RHSA-2012:0516", "RHSA-2012:0467"]}, {"type": "centos", "idList": ["CESA-2012:0515", "CESA-2012:0516"]}], "modified": "2017-07-02T21:10:45", "rev": 2}, "vulnersScore": 7.4}, "pluginID": "71269", "sourceData": "#\n#VID 380e8c56-8e32-11e1-9580-4061862b8c22\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 380e8c56-8e32-11e1-9580-4061862b8c22\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n linux-seamonkey\n linux-thunderbird\n seamonkey\n thunderbird\n libxul\n\nCVE-2011-1187\nGoogle Chrome before 10.0.648.127 allows remote attackers to bypass\nthe Same Origin Policy via unspecified vectors, related to an 'error\nmessage leak.'\nCVE-2011-3062\nOff-by-one error in the OpenType Sanitizer in Google Chrome before\n18.0.1025.142 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted OpenType file.\nCVE-2012-0467\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird\n5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey\nbefore 2.9 allow remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia unknown vectors.\nCVE-2012-0468\nThe browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird\n5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to\ncause a denial of service (assertion failure and memory corruption) or\npossibly execute arbitrary code via vectors related to jsval.h and the\njs::array_shift function.\nCVE-2012-0469\nUse-after-free vulnerability in the\nmozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function\nin Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,\nThunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and\nSeaMonkey before 2.9 allows remote attackers to execute arbitrary code\nvia vectors related to crafted IndexedDB data.\nCVE-2012-0470\nHeap-based buffer overflow in 
the\nnsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox\n4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0\nthrough 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before\n2.9 allows remote attackers to cause a denial of service (invalid\ngfxImageSurface free operation) or possibly execute arbitrary code by\nleveraging the use of 'different number systems.'\nCVE-2012-0471\nCross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x\nthrough 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through\n11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9\nallows remote attackers to inject arbitrary web script or HTML via a\nmultibyte character set.\nCVE-2012-0472\nThe cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0,\nFirefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,\nThunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when\ncertain Windows Vista and Windows 7 configurations are used, does not\nproperly restrict font-rendering attempts, which allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nexecute arbitrary code via unspecified vectors.\nCVE-2012-0473\nThe WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x\nthrough 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through\n11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9\ncalls the FindMaxElementInSubArray function with incorrect template\narguments, which allows remote attackers to obtain sensitive\ninformation from video memory via a crafted WebGL.drawElements call.\nCVE-2012-0474\nCross-site scripting (XSS) vulnerability in the docshell\nimplementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x\nbefore 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x\nbefore 10.0.4, and SeaMonkey before 2.9 allows remote attackers to\ninject arbitrary web script or HTML via vectors related to\nshort-circuited page loads, aka 'Universal 
XSS (UXSS).'\nCVE-2012-0475\nMozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and\nSeaMonkey before 2.9 do not properly construct the Origin and\nSec-WebSocket-Origin HTTP headers, which might allow remote attackers\nto bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or\n(2) WebSocket operation involving a nonstandard port number and an\nIPv6 address that contains certain zero fields.\nCVE-2012-0477\nMultiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox\n4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0\nthrough 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before\n2.9 allow remote attackers to inject arbitrary web script or HTML via\nthe (1) ISO-2022-KR or (2) ISO-2022-CN character set.\nCVE-2012-0478\nThe texImage2D implementation in the WebGL subsystem in Mozilla\nFirefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird\n5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey\nbefore 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which\nmight allow remote attackers to execute arbitrary code via a crafted\nweb page.\nCVE-2012-0479\nMozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,\nThunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and\nSeaMonkey before 2.9 allow remote attackers to spoof the address bar\nvia an https URL for invalid (1) RSS or (2) Atom XML content.\nCVE-2012-1126\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a BDF\nfont.\nCVE-2012-1127\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data 
in a\nBDF font.\nCVE-2012-1128\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (NULL pointer dereference and memory corruption) or possibly\nexecute arbitrary code via a crafted TrueType font.\nCVE-2012-1129\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted SFNT string in a Type 42\nfont.\nCVE-2012-1130\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a PCF\nfont.\nCVE-2012-1131\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, on 64-bit platforms allows remote attackers to\ncause a denial of service (invalid heap read operation and memory\ncorruption) or possibly execute arbitrary code via vectors related to\nthe cell table of a font.\nCVE-2012-1132\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted dictionary data in a Type\n1 font.\nCVE-2012-1133\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font.\nCVE-2012-1134\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory 
corruption) or\npossibly execute arbitrary code via crafted private-dictionary data in\na Type 1 font.\nCVE-2012-1135\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via vectors involving the NPUSHB and\nNPUSHW instructions in a TrueType font.\nCVE-2012-1136\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font that lacks an ENCODING field.\nCVE-2012-1137\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted header in a BDF font.\nCVE-2012-1138\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via vectors involving the MIRP\ninstruction in a TrueType font.\nCVE-2012-1139\nArray index error in FreeType before 2.4.9, as used in Mozilla Firefox\nMobile before 10.0.4 and other products, allows remote attackers to\ncause a denial of service (invalid stack read operation and memory\ncorruption) or possibly execute arbitrary code via crafted glyph data\nin a BDF font.\nCVE-2012-1140\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted PostScript font object.\nCVE-2012-1141\nFreeType before 2.4.9, 
as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted ASCII string in a BDF\nfont.\nCVE-2012-1142\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph-outline data in a\nfont.\nCVE-2012-1143\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (divide-by-zero error) via a crafted font.\nCVE-2012-1144\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via a crafted TrueType font.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware 
upgrades.\n\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-20.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-21.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-22.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-23.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-24.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-25.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-26.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-27.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-28.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-29.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-30.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-31.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-32.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-33.html\nhttp://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71269);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 5912 $\");\n script_tag(name:\"last_modification\", 
value:\"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0,1\")>0 && revcomp(a:bver, b:\"12.0,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package linux-firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package linux-seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package linux-thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = 
portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0\")>0 && revcomp(a:bver, b:\"12.0\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"libxul\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.2\")>0 && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package libxul version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks"}
{"openvas": [{"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2019-03-14T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071269", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071269", "type": "openvas", "title": "FreeBSD Ports: firefox", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_firefox65.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 380e8c56-8e32-11e1-9580-4061862b8c22\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71269\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n firefox\n linux-firefox\n linux-seamonkey\n linux-thunderbird\n seamonkey\n thunderbird\n libxul\n\nCVE-2011-1187\nGoogle Chrome before 10.0.648.127 allows remote attackers to bypass\nthe Same Origin Policy via unspecified vectors, related to an 'error\nmessage leak.'\nCVE-2011-3062\nOff-by-one error in the OpenType Sanitizer in Google Chrome before\n18.0.1025.142 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted OpenType file.\nCVE-2012-0467\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird\n5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey\nbefore 2.9 allow remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia unknown vectors.\nCVE-2012-0468\nThe browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird\n5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to\ncause a denial of service (assertion failure and memory corruption) or\npossibly execute arbitrary code via vectors related to jsval.h and the\njs::array_shift function.\nCVE-2012-0469\nUse-after-free vulnerability in the\nmozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function\nin Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,\nThunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and\nSeaMonkey before 2.9 allows remote attackers to execute arbitrary code\nvia vectors related to crafted IndexedDB data.\n\nText truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-20.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-21.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-22.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-23.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-24.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-25.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-26.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-27.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-28.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-29.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-30.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-31.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-32.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-33.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0,1\")>0 && revcomp(a:bver, b:\"12.0,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package linux-firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package linux-seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package linux-thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0\")>0 && revcomp(a:bver, b:\"12.0\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"libxul\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.2\")>0 && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package libxul 
version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1403-1", "modified": "2019-03-13T00:00:00", "published": "2012-03-26T00:00:00", "id": "OPENVAS:1361412562310840959", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840959", "type": "openvas", "title": "Ubuntu Update for freetype USN-1403-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1403_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for freetype USN-1403-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1403-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:17:20 +0530 (Mon, 26 Mar 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_xref(name:\"USN\", value:\"1403-1\");\n script_name(\"Ubuntu Update for freetype USN-1403-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1403-1\");\n script_tag(name:\"affected\", value:\"freetype on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", 
value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1128)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type42 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1129)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed PCF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1131)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1132)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. 
If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges. (CVE-2012-1133)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2012-1134)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1135)\n\n Mateusz Jurczyk discovere ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.2-2ubuntu0.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-1ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.9\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:41:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:1361412562310850176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850176", "type": "openvas", "title": "openSUSE: Security Advisory for freetype2 (openSUSE-SU-2012:0489-1)", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850176\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:30 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0489-1\");\n script_name(\"openSUSE: Security Advisory for freetype2 (openSUSE-SU-2012:0489-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE12\\.1)\");\n\n script_tag(name:\"affected\", value:\"freetype2 on openSUSE 12.1, openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"Specially crafted font files could cause buffer overflows\n in freetype\");\n\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = 
isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.7~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:58:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Check for the Version of freetype2", "modified": "2018-01-03T00:00:00", 
"published": "2012-12-13T00:00:00", "id": "OPENVAS:850176", "href": "http://plugins.openvas.org/nasl.php?oid=850176", "type": "openvas", "title": "SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0489_1.nasl 8273 2018-01-03 06:29:19Z teissa $\n#\n# SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype2 on openSUSE 12.1, openSUSE 11.4\";\ntag_insight = \"Specially crafted font files could cause buffer overflows\n in freetype\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850176);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:30 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0489_1\");\n script_name(\"SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", 
"CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-10T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71283", "href": "http://plugins.openvas.org/nasl.php?oid=71283", "type": "openvas", "title": "FreeBSD Ports: freetype2", "sourceData": "#\n#VID 462e2d6c-8017-11e1-a571-bcaec565249c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 462e2d6c-8017-11e1-a571-bcaec565249c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: freetype2\n\nCVE-2012-1126\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a BDF\nfont.\nCVE-2012-1127\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font.\nCVE-2012-1128\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (NULL pointer dereference and memory corruption) or possibly\nexecute arbitrary code via a crafted TrueType font.\nCVE-2012-1129\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted SFNT string in a Type 42\nfont.\nCVE-2012-1130\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a PCF\nfont.\nCVE-2012-1131\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, on 64-bit platforms allows remote attackers to\ncause a denial of 
service (invalid heap read operation and memory\ncorruption) or possibly execute arbitrary code via vectors related to\nthe cell table of a font.\nCVE-2012-1132\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted dictionary data in a Type\n1 font.\nCVE-2012-1133\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font.\nCVE-2012-1134\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted private-dictionary data in\na Type 1 font.\nCVE-2012-1135\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via vectors involving the NPUSHB and\nNPUSHW instructions in a TrueType font.\nCVE-2012-1136\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font that lacks an ENCODING field.\nCVE-2012-1137\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted header in a BDF 
font.\nCVE-2012-1138\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via vectors involving the MIRP\ninstruction in a TrueType font.\nCVE-2012-1139\nArray index error in FreeType before 2.4.9, as used in Mozilla Firefox\nMobile before 10.0.4 and other products, allows remote attackers to\ncause a denial of service (invalid stack read operation and memory\ncorruption) or possibly execute arbitrary code via crafted glyph data\nin a BDF font.\nCVE-2012-1140\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted PostScript font object.\nCVE-2012-1141\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted ASCII string in a BDF\nfont.\nCVE-2012-1142\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph-outline data in a\nfont.\nCVE-2012-1143\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (divide-by-zero error) via a crafted font.\nCVE-2012-1144\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via a crafted TrueType 
font.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view\nhttps://bugzilla.redhat.com/show_bug.cgi?id=806270\nhttp://www.vuxml.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71283);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 5912 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: freetype2\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"freetype2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.9\")<0) {\n txt += \"Package freetype2 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310831659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831659", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:057\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831659\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:59:00 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:057\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'freetype2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"freetype2 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in FreeType. Specially crafted files\n could cause application crashes or potentially execute arbitrary\n code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\n CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\n CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\n CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\n CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing updates announced 
in\nadvisory GLSA 201204-04.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71314", "href": "http://plugins.openvas.org/nasl.php?oid=71314", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201204-04 (FreeType)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause Denial of\n Service.\";\ntag_solution = \"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=407257\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201204-04.\";\n\n \n \nif(description)\n{\n script_id(71314);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-04 (FreeType)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.9\"), vulnerable: make_list(\"lt 2.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1403-1", "modified": "2017-12-01T00:00:00", "published": "2012-03-26T00:00:00", "id": "OPENVAS:840959", "href": "http://plugins.openvas.org/nasl.php?oid=840959", "type": "openvas", "title": "Ubuntu Update for freetype USN-1403-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1403_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for freetype USN-1403-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1128)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type42 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1129)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed PCF font files. 
If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1131)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1132)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges. (CVE-2012-1133)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2012-1134)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1135)\n \n Mateusz Jurczyk discovere ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1403-1\";\ntag_affected = \"freetype on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1403-1/\");\n script_id(840959);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:17:20 +0530 (Mon, 26 Mar 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_xref(name: \"USN\", value: \"1403-1\");\n script_name(\"Ubuntu Update for freetype USN-1403-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.2-2ubuntu0.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-1ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.9\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Check for the Version of 
freetype2", "modified": "2018-01-04T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:831659", "href": "http://plugins.openvas.org/nasl.php?oid=831659", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple flaws were found in FreeType. 
Specially crafted files\n could cause application crashes or potentially execute arbitrary\n code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\n CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\n CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\n CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\n CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:057\");\n script_id(831659);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:59:00 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:057\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201204-04.", "modified": "2018-10-12T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071314", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071314", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201204-04 (FreeType)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201204_04.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71314\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-04 (FreeType)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause Denial of\n Service.\");\n script_tag(name:\"solution\", value:\"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-04\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=407257\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201204-04.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.9\"), vulnerable: make_list(\"lt 2.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", 
"CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "description": "Multiple memory corruptions in main code and different libraries, crossite scripting, information leakage.", "edition": 1, "modified": "2012-05-09T00:00:00", "published": "2012-05-09T00:00:00", "id": "SECURITYVULNS:VULN:12355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12355", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T10:41:19", "description": "The Mozilla Project reports :\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\n\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\n\nMFSA 2012-22 use-after-free in IDBKeyRange\n\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\n\nMFSA 2012-24 Potential XSS via multibyte content processing errors\n\nMFSA 2012-25 Potential memory corruption during font rendering using\ncairo-dwrite\n\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to\nFindMaxUshortElement error\n\nMFSA 2012-27 Page load short-circuit can lead to XSS\n\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver\naccess restrictions\n\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding\nissues\n\nMFSA 2012-30 Crash with WebGL content using textImage2D\n\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\n\nMFSA 2012-32 HTTP Redirections and remote content can be read by\nJavaScript errors\n\nMFSA 2012-33 Potential site identity spoofing when loading RSS and\nAtom feeds", "edition": 23, "published": "2012-04-25T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (380e8c56-8e32-11e1-9580-4061862b8c22)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", 
"CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "modified": "2012-04-25T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird"], "id": "FREEBSD_PKG_380E8C568E3211E195804061862B8C22.NASL", "href": "https://www.tenable.com/plugins/nessus/58864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58864);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n 
script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (380e8c56-8e32-11e1-9580-4061862b8c22)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\n\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\n\nMFSA 2012-22 use-after-free in IDBKeyRange\n\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\n\nMFSA 2012-24 Potential XSS via multibyte content processing errors\n\nMFSA 2012-25 Potential memory corruption during font rendering using\ncairo-dwrite\n\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to\nFindMaxUshortElement error\n\nMFSA 2012-27 Page load short-circuit can lead to XSS\n\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver\naccess restrictions\n\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding\nissues\n\nMFSA 2012-30 Crash with WebGL content using textImage2D\n\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\n\nMFSA 2012-32 HTTP Redirections and remote content can be read by\nJavaScript errors\n\nMFSA 2012-33 Potential site identity spoofing when loading RSS and\nAtom feeds\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-22.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-23.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-32.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\"\n );\n # https://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09c4f784\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>11.0,1<12.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<10.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<10.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<10.0.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird>11.0<12.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<10.0.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul>1.9.2.*<10.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T12:29:00", "description": "Specially crafted font files could have caused buffer overflows in\nfreetype. 
This has been fixed.", "edition": 16, "published": "2012-04-12T00:00:00", "title": "SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:freetype2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:freetype2-devel", "p-cpe:/a:novell:suse_linux:11:freetype2-32bit", "p-cpe:/a:novell:suse_linux:11:ft2demos"], "id": "SUSE_11_FREETYPE2-120328.NASL", "href": "https://www.tenable.com/plugins/nessus/58720", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58720);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted font files could have caused buffer overflows in\nfreetype. 
This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=750953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1126.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1128.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1129.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1133.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1136.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2012-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6052.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:37:41", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type42 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PCF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. 
If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PostScript font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. 
(CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Windows FNT/FON font files. If a user were tricked\ninto using a specially crafted font file, a remote attacker could\ncause FreeType to crash. (CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2012-1144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-03-23T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1403-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58444", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1403-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58444);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"USN\", value:\"1403-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type42 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. 
(CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PCF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. 
If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PostScript font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Windows FNT/FON font files. If a user were tricked\ninto using a specially crafted font file, a remote attacker could\ncause FreeType to crash. (CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2012-1144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1403-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.2-2ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libfreetype6\", pkgver:\"2.4.4-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.4-2ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreetype6\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:42:31", "description": "The Freetype project reports :\n\nMultiple 
vulnerabilities exist in freetype that can result in\napplication crashes and remote code execution. Please review the\ndetails in each of the CVEs for additional information.", "edition": 21, "published": "2012-04-09T00:00:00", "title": "FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-09T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:freetype2"], "id": "FREEBSD_PKG_462E2D6C801711E1A571BCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/58641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58641);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD 
host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Freetype project reports :\n\nMultiple vulnerabilities exist in freetype that can result in\napplication crashes and remote code execution. Please review the\ndetails in each of the CVEs for additional information.\"\n );\n # https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?131c7cfe\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=806270\"\n );\n # https://vuxml.freebsd.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58b009d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freetype2<2.4.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:38", "description": "Multiple flaws were found in FreeType. Specially crafted files could\ncause application crashes or potentially execute arbitrary code\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\nCVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\nCVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\nCVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\nCVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2012-04-13T00:00:00", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2012:057)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-13T00:00:00", "cpe": 
["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:libfreetype6", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "id": "MANDRIVA_MDVSA-2012-057.NASL", "href": "https://www.tenable.com/plugins/nessus/58734", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:057. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58734);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"MDVSA\", value:\"2012:057\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2012:057)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in FreeType. 
Specially crafted files could\ncause application crashes or potentially execute arbitrary code\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\nCVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\nCVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\nCVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\nCVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"freetype2-demos-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"freetype2-demos-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:53:53", "description": "The remote host is affected by the vulnerability described in GLSA-201204-04\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font,\n possibly resulting in execution of arbitrary code with the privileges of\n the user running the application, or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-06-21T00:00:00", "title": "GLSA-201204-04 : FreeType: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-06-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201204-04.NASL", "href": "https://www.tenable.com/plugins/nessus/59620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201204-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59620);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"GLSA\", value:\"201204-04\");\n\n script_name(english:\"GLSA-201204-04 : FreeType: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201204-04\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font,\n possibly resulting in execution of arbitrary code with the privileges of\n the user running the application, or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201204-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.4.9\"), vulnerable:make_list(\"lt 2.4.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:11:47", "description": "Specially crafted font files could cause buffer overflows in freetype", "edition": 15, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:libfreetype6-32bit"], "id": "OPENSUSE-2012-220.NASL", "href": "https://www.tenable.com/plugins/nessus/74597", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update 
openSUSE-2012-220.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74597);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)\");\n script_summary(english:\"Check for the openSUSE-2012-220 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Specially crafted font files could cause buffer overflows in freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-04/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-debugsource-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-devel-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-2.4.7-6.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-debuginfo-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.4.7-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:55", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n BDF font. (CVE-2012-1126)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. 
(CVE-2012-1127)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and memory corruption) or possibly execute\n arbitrary code via a crafted TrueType font.\n (CVE-2012-1128)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted SFNT string in a\n Type 42 font. (CVE-2012-1129)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n PCF font. (CVE-2012-1130)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, on 64-bit platforms\n allows remote attackers to cause a denial of service\n (invalid heap read operation and memory corruption) or\n possibly execute arbitrary code via vectors related to\n the cell table of a font. (CVE-2012-1131)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted dictionary data in a\n Type 1 font. (CVE-2012-1132)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. 
(CVE-2012-1133)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted private-dictionary\n data in a Type 1 font. (CVE-2012-1134)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the NPUSHB\n and NPUSHW instructions in a TrueType font.\n (CVE-2012-1135)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font that lacks an ENCODING field.\n (CVE-2012-1136)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted header in a BDF\n font. (CVE-2012-1137)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the MIRP\n instruction in a TrueType font. (CVE-2012-1138)\n\n - Array index error in FreeType before 2.4.9, as used in\n Mozilla Firefox Mobile before 10.0.4 and other products,\n allows remote attackers to cause a denial of service\n (invalid stack read operation and memory corruption) or\n possibly execute arbitrary code via crafted glyph data\n in a BDF font. 
(CVE-2012-1139)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted PostScript font\n object. (CVE-2012-1140)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted ASCII string in a\n BDF font. (CVE-2012-1141)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph-outline data in\n a font. (CVE-2012-1142)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted font. 
(CVE-2012-1143)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via a crafted TrueType font.\n (CVE-2012-1144)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:freetype", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_FREETYPE_20141107_2.NASL", "href": "https://www.tenable.com/plugins/nessus/80616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80616);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)\");\n 
script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n BDF font. (CVE-2012-1126)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1127)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and memory corruption) or possibly execute\n arbitrary code via a crafted TrueType font.\n (CVE-2012-1128)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted SFNT string in a\n Type 42 font. (CVE-2012-1129)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n PCF font. 
(CVE-2012-1130)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, on 64-bit platforms\n allows remote attackers to cause a denial of service\n (invalid heap read operation and memory corruption) or\n possibly execute arbitrary code via vectors related to\n the cell table of a font. (CVE-2012-1131)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted dictionary data in a\n Type 1 font. (CVE-2012-1132)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1133)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted private-dictionary\n data in a Type 1 font. 
(CVE-2012-1134)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the NPUSHB\n and NPUSHW instructions in a TrueType font.\n (CVE-2012-1135)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font that lacks an ENCODING field.\n (CVE-2012-1136)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted header in a BDF\n font. (CVE-2012-1137)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the MIRP\n instruction in a TrueType font. (CVE-2012-1138)\n\n - Array index error in FreeType before 2.4.9, as used in\n Mozilla Firefox Mobile before 10.0.4 and other products,\n allows remote attackers to cause a denial of service\n (invalid stack read operation and memory corruption) or\n possibly execute arbitrary code via crafted glyph data\n in a BDF font. (CVE-2012-1139)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted PostScript font\n object. 
(CVE-2012-1140)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted ASCII string in a\n BDF font. (CVE-2012-1141)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph-outline data in\n a font. (CVE-2012-1142)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted font. (CVE-2012-1143)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via a crafted TrueType font.\n (CVE-2012-1144)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-dos-vulnerabilities-in-freetype\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a790f4c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 8.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:freetype\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^freetype-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.8.0.5.0\", sru:\"SRU 8.5\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : freetype\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"freetype\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T12:52:56", "description": "Specially crafted font files could have caused buffer overflows in\nfreetype. 
This has been fixed.", "edition": 14, "published": "2012-04-12T00:00:00", "title": "SuSE 10 Security Update : freetype2 (ZYPP Patch Number 8039)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-12T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FREETYPE2-8039.NASL", "href": "https://www.tenable.com/plugins/nessus/58722", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58722);\n script_version (\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\");\n\n script_name(english:\"SuSE 10 Security Update : freetype2 (ZYPP Patch Number 8039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted font files could have caused buffer overflows in\nfreetype. 
This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1126.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1129.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1133.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1136.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2012-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8039.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"freetype2-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"freetype2-devel-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, 
reference:\"ft2demos-2.1.10-19.29.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"freetype2-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"freetype2-devel-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"ft2demos-2.1.10-19.29.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.29.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:39", "description": "Updated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently.\n\nMultiple flaws were found in the way FreeType handled TrueType Font\n(TTF), Glyph Bitmap Distribution Format (BDF), Windows .fnt and .fon,\nand PostScript Type 1 fonts. 
If a specially crafted font file was\nloaded by an application linked against FreeType, it could cause the\napplication to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2012-1134,\nCVE-2012-1136, CVE-2012-1142, CVE-2012-1144)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash.\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131,\nCVE-2012-1132, CVE-2012-1137, CVE-2012-1139, CVE-2012-1140,\nCVE-2012-1141, CVE-2012-1143)\n\nRed Hat would like to thank Mateusz Jurczyk of the Google Security\nTeam for reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 24, "published": "2012-04-11T00:00:00", "title": "CentOS 5 / 6 : freetype (CESA-2012:0467)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1144", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-11T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:freetype-devel"], "id": "CENTOS_RHSA-2012-0467.NASL", "href": "https://www.tenable.com/plugins/nessus/58665", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0467 and \n# CentOS Errata and Security Advisory 2012:0467 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58665);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1134\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"RHSA\", value:\"2012:0467\");\n\n script_name(english:\"CentOS 5 / 6 : freetype (CESA-2012:0467)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently.\n\nMultiple flaws were found in the way FreeType handled TrueType Font\n(TTF), Glyph Bitmap Distribution Format (BDF), Windows .fnt and .fon,\nand PostScript Type 1 fonts. If a specially crafted font file was\nloaded by an application linked against FreeType, it could cause the\napplication to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. 
(CVE-2012-1134,\nCVE-2012-1136, CVE-2012-1142, CVE-2012-1144)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash.\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131,\nCVE-2012-1132, CVE-2012-1137, CVE-2012-1139, CVE-2012-1140,\nCVE-2012-1141, CVE-2012-1143)\n\nRed Hat would like to thank Mateusz Jurczyk of the Google Security\nTeam for reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018559.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f53620ad\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018563.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ab660d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1126\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-31.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-31.el5_8.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"freetype-2.3.11-6.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"freetype-demos-2.3.11-6.el6_2.9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"freetype-devel-2.3.11-6.el6_2.9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], 
"description": "\nThe Mozilla Project reports:\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\nMFSA 2012-22 use-after-free in IDBKeyRange\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\nMFSA 2012-24 Potential XSS via multibyte content processing errors\nMFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\nMFSA 2012-27 Page load short-circuit can lead to XSS\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\nMFSA 2012-30 Crash with WebGL content using textImage2D\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\nMFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors\nMFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds\n\n", "edition": 4, "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "380E8C56-8E32-11E1-9580-4061862B8C22", "href": "https://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "\nThe Freetype project reports:\n\nMultiple vulnerabilities exist in freetype that can result in\n\t application crashes and remote code execution. 
Please review\n\t the details in each of the CVEs for additional information.\n\n", "edition": 4, "modified": "2012-03-08T00:00:00", "published": "2012-03-08T00:00:00", "id": "462E2D6C-8017-11E1-A571-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html", "title": "freetype -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Type42 font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed PCF font files. 
If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Type1 font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash or possibly execute \narbitrary code with user privileges. (CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Type1 font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash or possibly \nexecute arbitrary code with user privileges. (CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash or possibly execute \narbitrary code with user privileges. (CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. 
(CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed PostScript font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Windows FNT/FON font files. If a user were tricked into using a \nspecially crafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash or possibly \nexecute arbitrary code with user privileges. 
(CVE-2012-1144)", "edition": 5, "modified": "2012-03-23T00:00:00", "published": "2012-03-23T00:00:00", "id": "USN-1403-1", "href": "https://ubuntu.com/security/notices/USN-1403-1", "title": "FreeType vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "USN-1430-1 fixed vulnerabilities in Firefox. This update provides the \ncorresponding fixes for Thunderbird.\n\nOriginal advisory details:\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, \nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay \ndiscovered memory safety issues affecting Firefox. If the user were tricked \ninto opening a specially crafted page, an attacker could exploit these to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-0467, \nCVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An \nattacker could potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in \ngfxImageSurface. If a user were tricked into opening a malicious Scalable \nVector Graphics (SVG) image file, an attacker could exploit these to cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) \nvulnerability via multibyte content processing errors. 
With cross-site \nscripting vulnerabilities, if a user were tricked into viewing a specially \ncrafted page, a remote attacker could exploit this to modify the contents, \nor steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL \nimplementation that potentially allows the reading of illegal video memory. \nAn attacker could possibly exploit this to cause a denial of service via \napplication crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox \nallowed the address bar to display a different website than the one the \nuser was visiting. This could potentially leave the user vulnerable to \ncross-site scripting (XSS) attacks. With cross-site scripting \nvulnerabilities, if a user were tricked into viewing a specially crafted \npage, a remote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin \nheaders when connecting to an IPv6 websites. An attacker could potentially \nuse this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is \npossible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. \nWith cross-site scripting vulnerabilities, if a user were tricked into \nviewing a specially crafted page, a remote attacker could exploit this to \nmodify the contents, or steal confidential data, within the same domain. \n(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause \nFirefox to crash. If the user were tricked into opening a specially crafted \npage, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. 
(CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. \nIf the user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking Firefox. \n(CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling of JavaScript \nerrors can potentially leak the file names and location of JavaScript files \non a server. This could potentially lead to inadvertent information \ndisclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled \nRSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused \nthe location bar to be updated with the address of this content, while the \nmain window still displays the previously loaded content. An attacker could \npotentially exploit this vulnerability to conduct phishing attacks. \n(CVE-2012-0479)", "edition": 5, "modified": "2012-05-04T00:00:00", "published": "2012-05-04T00:00:00", "id": "USN-1430-3", "href": "https://ubuntu.com/security/notices/USN-1430-3", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:18", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, \nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay \ndiscovered memory safety issues affecting Firefox. 
If the user were tricked \ninto opening a specially crafted page, an attacker could exploit these to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-0467, \nCVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An \nattacker could potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in \ngfxImageSurface. If a user were tricked into opening a malicious Scalable \nVector Graphics (SVG) image file, an attacker could exploit these to cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) \nvulnerability via multibyte content processing errors. With cross-site \nscripting vulnerabilities, if a user were tricked into viewing a specially \ncrafted page, a remote attacker could exploit this to modify the contents, \nor steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL \nimplementation that potentially allows the reading of illegal video memory. \nAn attacker could possibly exploit this to cause a denial of service via \napplication crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox \nallowed the address bar to display a different website than the one the \nuser was visiting. This could potentially leave the user vulnerable to \ncross-site scripting (XSS) attacks. With cross-site scripting \nvulnerabilities, if a user were tricked into viewing a specially crafted \npage, a remote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain. 
(CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin \nheaders when connecting to an IPv6 websites. An attacker could potentially \nuse this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is \npossible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. \nWith cross-site scripting vulnerabilities, if a user were tricked into \nviewing a specially crafted page, a remote attacker could exploit this to \nmodify the contents, or steal confidential data, within the same domain. \n(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause \nFirefox to crash. If the user were tricked into opening a specially crafted \npage, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. \nIf the user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking Firefox. \n(CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling of JavaScript \nerrors can potentially leak the file names and location of JavaScript files \non a server. This could potentially lead to inadvertent information \ndisclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled \nRSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused \nthe location bar to be updated with the address of this content, while the \nmain window still displays the previously loaded content. An attacker could \npotentially exploit this vulnerability to conduct phishing attacks. 
\n(CVE-2012-0479)", "edition": 5, "modified": "2012-04-27T00:00:00", "published": "2012-04-27T00:00:00", "id": "USN-1430-1", "href": "https://ubuntu.com/security/notices/USN-1430-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:41:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "USN-1430-1 fixed vulnerabilities in Firefox. This update provides an \nupdated ubufox package for use with the latest Firefox.\n\nOriginal advisory details:\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, \nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay \ndiscovered memory safety issues affecting Firefox. If the user were tricked \ninto opening a specially crafted page, an attacker could exploit these to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-0467, \nCVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An \nattacker could potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in \ngfxImageSurface. If a user were tricked into opening a malicious Scalable \nVector Graphics (SVG) image file, an attacker could exploit these to cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) \nvulnerability via multibyte content processing errors. 
With cross-site \nscripting vulnerabilities, if a user were tricked into viewing a specially \ncrafted page, a remote attacker could exploit this to modify the contents, \nor steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL \nimplementation that potentially allows the reading of illegal video memory. \nAn attacker could possibly exploit this to cause a denial of service via \napplication crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox \nallowed the address bar to display a different website than the one the \nuser was visiting. This could potentially leave the user vulnerable to \ncross-site scripting (XSS) attacks. With cross-site scripting \nvulnerabilities, if a user were tricked into viewing a specially crafted \npage, a remote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin \nheaders when connecting to IPv6 websites. An attacker could potentially \nuse this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is \npossible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. \nWith cross-site scripting vulnerabilities, if a user were tricked into \nviewing a specially crafted page, a remote attacker could exploit this to \nmodify the contents, or steal confidential data, within the same domain. \n(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause \nFirefox to crash. If the user were tricked into opening a specially crafted \npage, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. 
(CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. \nIf the user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking Firefox. \n(CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling of JavaScript \nerrors can potentially leak the file names and location of JavaScript files \non a server. This could potentially lead to inadvertent information \ndisclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled \nRSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused \nthe location bar to be updated with the address of this content, while the \nmain window still displays the previously loaded content. An attacker could \npotentially exploit this vulnerability to conduct phishing attacks. \n(CVE-2012-0479)", "edition": 5, "modified": "2012-04-27T00:00:00", "published": "2012-04-27T00:00:00", "id": "USN-1430-2", "href": "https://ubuntu.com/security/notices/USN-1430-2", "title": "ubufox update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted font, possibly resulting in execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.4.9\"", "edition": 1, "modified": "2012-04-17T00:00:00", "published": "2012-04-17T00:00:00", "id": "GLSA-201204-04", "href": "https://security.gentoo.org/glsa/201204-04", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:17", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could cause buffer overflows\n in freetype\n\n", "edition": 1, "modified": "2012-04-12T10:09:06", "published": "2012-04-12T10:09:06", "id": "OPENSUSE-SU-2012:0489-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html", "type": "suse", "title": "freetype2 update (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", 
"CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "edition": 1, "modified": "2012-04-11T21:08:19", "published": "2012-04-11T21:08:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html", "id": "SUSE-SU-2012:0484-1", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "edition": 1, "modified": "2012-04-18T18:08:39", "published": "2012-04-18T18:08:39", "id": "SUSE-SU-2012:0521-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html", "type": "suse", "title": "Security update for freetype2 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype. 
This has been fixed.\n", "edition": 1, "modified": "2012-04-11T20:08:18", "published": "2012-04-11T20:08:18", "id": "SUSE-SU-2012:0483-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html", "type": "suse", "title": "Security update for freetype2 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype, which could be exploited for remote\n code execution.\n", "edition": 1, "modified": "2012-04-23T15:08:12", "published": "2012-04-23T15:08:12", "id": "SUSE-SU-2012:0483-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00018.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:07:45", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "MozillaFirefox was updated to the 10.0.4 ESR release to fix\n various bugs and security issues.\n\n *\n\n MFSA 2012-20: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. 
Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n Christian Holler reported a memory safety and\n security problem affecting Firefox 11. (CVE-2012-0468)\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby\n Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse\n Ruderman, Julian Seward, and Olli Pettay reported memory\n safety problems and crashes that affect Firefox ESR and\n Firefox 11. (CVE-2012-0467)\n\n *\n\n MFSA 2012-22 / CVE-2012-0469: Using the Address\n Sanitizer tool, security researcher Aki Helin from OUSPG\n found that IDBKeyRange of indexedDB remains in the\n XPConnect hashtable instead of being unlinked before being\n destroyed. When it is destroyed, this causes a\n use-after-free, which is potentially exploitable.\n\n *\n\n MFSA 2012-23 / CVE-2012-0470: Using the Address\n Sanitizer tool, security researcher Atte Kettunen from\n OUSPG found a heap corruption in gfxImageSurface which\n allows for invalid frees and possible remote code\n execution. This happens due to float error, resulting from\n graphics values being passed through different number\n systems.\n\n *\n\n MFSA 2012-24 / CVE-2012-0471: Anne van Kesteren of\n Opera Software found a multi-octet encoding issue where\n certain octets will destroy the following octets in the\n processing of some multibyte character sets. 
This can leave\n users vulnerable to cross-site scripting (XSS) attacks on\n maliciously crafted web pages.\n\n *\n\n MFSA 2012-25 / CVE-2012-0472: Security research firm\n iDefense reported that researcher wushi of team509\n discovered a memory corruption on Windows Vista and Windows\n 7 systems with hardware acceleration disabled or using\n incompatible video drivers. This is created by using\n cairo-dwrite to attempt to render fonts on an unsupported\n code path. This corruption causes a potentially exploitable\n crash on affected systems.\n\n *\n\n MFSA 2012-26 / CVE-2012-0473: Mozilla community\n member Matias Juntunen discovered an error in WebGLBuffer\n where FindMaxElementInSubArray receives wrong template\n arguments from FindMaxUshortElement. This bug causes\n maximum index to be computed incorrectly within\n WebGL.drawElements, allowing the reading of illegal video\n memory.\n\n *\n\n MFSA 2012-27 / CVE-2012-0474: Security researchers\n Jordi Chancel and Eddy Bordi reported that they could\n short-circuit page loads to show the address of a different\n site than what is loaded in the window in the addressbar.\n Security researcher Chris McGowen independently reported\n the same flaw, and further demonstrated that this could\n lead to loading scripts from the attacker's site, leaving\n users vulnerable to cross-site scripting (XSS) attacks.\n\n *\n\n MFSA 2012-28 / CVE-2012-0475: Security researcher\n Simone Fabiano reported that if a cross-site XHR or\n WebSocket is opened on a web server on a non-standard port\n for web traffic while using an IPv6 address, the browser\n will send ambiguous origin headers if the IPv6 address\n contains at least 2 consecutive 16-bit fields of zeroes. 
If\n there is an origin access control list that uses IPv6\n literals, this issue could be used to bypass these access\n controls on the server.\n\n *\n\n MFSA 2012-29 / CVE-2012-0477: Security researcher\n Masato Kinugawa found that during the decoding of\n ISO-2022-KR and ISO-2022-CN character sets, characters near\n 1024 bytes are treated incorrectly, either doubling or\n deleting bytes. On certain pages it might be possible for\n an attacker to pad the output of the page such that these\n errors fall in the right place to affect the structure of\n the page, allowing for cross-site script (XSS) injection.\n\n *\n\n MFSA 2012-30 / CVE-2012-0478: Mozilla community\n member Ms2ger found an image rendering issue with WebGL\n when texImage2D uses JSVAL_TO_OBJECT on arbitrary\n objects. This can lead to a crash on a maliciously crafted\n web page. While there is no evidence that this is directly\n exploitable, there is a possibility of remote code\n execution.\n\n *\n\n MFSA 2012-31 / CVE-2011-3062: Mateusz Jurczyk of the\n Google Security Team discovered an off-by-one error in the\n OpenType Sanitizer using the Address Sanitizer tool. This\n can lead to an out-of-bounds read and execution of an\n uninitialized function pointer during parsing and possible\n remote code execution.\n\n *\n\n MFSA 2012-32 / CVE-2011-1187: Security researcher\n Daniel Divricean reported that a defect in the error\n handling of javascript errors can leak the file names and\n location of javascript files on a server, leading to\n inadvertent information disclosure and a vector for further\n attacks.\n\n *\n\n MFSA 2012-33 / CVE-2012-0479: Security researcher\n Jeroen van der Gun reported that if RSS or Atom XML invalid\n content is loaded over HTTPS, the addressbar updates to\n display the new location of the loaded resource, including\n SSL indicators, while the main window still displays the\n previously loaded content. 
This allows for phishing attacks\n where a malicious page can spoof the identity of another\n seemingly secure site.\n", "edition": 1, "modified": "2012-05-02T19:08:16", "published": "2012-05-02T19:08:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00000.html", "id": "SUSE-SU-2012:0580-1", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:19", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "MozillaFirefox was updated to the 10.0.4 ESR release to fix\n various bugs and security issues.\n\n *\n\n Mozilla developers identified and fixed several\n memory safety bugs in the browser engine used in Firefox\n and other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain circumstances,\n and we presume that with enough effort at least some of\n these could be exploited to run arbitrary code. (MFSA\n 2012-20)\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n o\n\n Christian Holler reported a memory safety and\n security problem affecting Firefox 11. (CVE-2012-0468)\n\n o\n\n Bob Clary, Christian Holler, Brian Hackett,\n Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse\n Ruderman, Julian Seward, and Olli Pettay reported memory\n safety problems and crashes that affect Firefox ESR and\n Firefox 11. 
(CVE-2012-0467)\n\n *\n\n Using the Address Sanitizer tool, security researcher\n Aki Helin from OUSPG found that IDBKeyRange of indexedDB\n remains in the XPConnect hashtable instead of being\n unlinked before being destroyed. When it is destroyed, this\n causes a use-after-free, which is potentially exploitable.\n (MFSA 2012-22 / CVE-2012-0469)\n\n *\n\n Using the Address Sanitizer tool, security researcher\n Atte Kettunen from OUSPG found a heap corruption in\n gfxImageSurface which allows for invalid frees and possible\n remote code execution. This happens due to float error,\n resulting from graphics values being passed through\n different number systems. (MFSA 2012-23 / CVE-2012-0470)\n\n *\n\n Anne van Kesteren of Opera Software found a\n multi-octet encoding issue where certain octets will\n destroy the following octets in the processing of some\n multibyte character sets. This can leave users vulnerable\n to cross-site scripting (XSS) attacks on maliciously\n crafted web pages. (MFSA 2012-24 / CVE-2012-0471)\n\n *\n\n Security research firm iDefense reported that\n researcher wushi of team509 discovered a memory corruption\n on Windows Vista and Windows 7 systems with hardware\n acceleration disabled or using incompatible video drivers.\n This is created by using cairo-dwrite to attempt to render\n fonts on an unsupported code path. This corruption causes a\n potentially exploitable crash on affected systems. (MFSA\n 2012-25 / CVE-2012-0472)\n\n *\n\n Mozilla community member Matias Juntunen discovered\n an error in WebGLBuffer where FindMaxElementInSubArray\n receives wrong template arguments from\n FindMaxUshortElement. This bug causes maximum index to be\n computed incorrectly within WebGL.drawElements, allowing\n the reading of illegal video memory. 
(MFSA 2012-26 /\n CVE-2012-0473)\n\n *\n\n Security researchers Jordi Chancel and Eddy Bordi\n reported that they could short-circuit page loads to show\n the address of a different site than what is loaded in the\n window in the addressbar. Security researcher Chris McGowen\n independently reported the same flaw, and further\n demonstrated that this could lead to loading scripts from\n the attacker's site, leaving users vulnerable to cross-site\n scripting (XSS) attacks. (MFSA 2012-27 / CVE-2012-0474)\n\n *\n\n Security researcher Simone Fabiano reported that if a\n cross-site XHR or WebSocket is opened on a web server on a\n non-standard port for web traffic while using an IPv6\n address, the browser will send ambiguous origin headers\n if the IPv6 address contains at least 2 consecutive 16-bit\n fields of zeroes. If there is an origin access control list\n that uses IPv6 literals, this issue could be used to bypass\n these access controls on the server. (MFSA 2012-28 /\n CVE-2012-0475)\n\n *\n\n Security researcher Masato Kinugawa found that during\n the decoding of ISO-2022-KR and ISO-2022-CN character sets,\n characters near 1024 bytes are treated incorrectly, either\n doubling or deleting bytes. On certain pages it might be\n possible for an attacker to pad the output of the page such\n that these errors fall in the right place to affect the\n structure of the page, allowing for cross-site script (XSS)\n injection. (MFSA 2012-29 / CVE-2012-0477)\n\n *\n\n Mozilla community member Ms2ger found an image\n rendering issue with WebGL when texImage2D uses\n JSVAL_TO_OBJECT on arbitrary objects. This can lead to a\n crash on a maliciously crafted web page. While there is no\n evidence that this is directly exploitable, there is a\n possibility of remote code execution. (MFSA 2012-30 /\n CVE-2012-0478)\n\n *\n\n Mateusz Jurczyk of the Google Security Team\n discovered an off-by-one error in the OpenType Sanitizer\n using the Address Sanitizer tool. 
This can lead to an\n out-of-bounds read and execution of an uninitialized\n function pointer during parsing and possible remote code\n execution. (MFSA 2012-31 / CVE-2011-3062)\n\n *\n\n Security researcher Daniel Divricean reported that a\n defect in the error handling of javascript errors can leak\n the file names and location of javascript files on a\n server, leading to inadvertent information disclosure and a\n vector for further attacks. (MFSA 2012-32 / CVE-2011-1187)\n\n *\n\n Security researcher Jeroen van der Gun reported that\n if RSS or Atom XML invalid content is loaded over HTTPS,\n the addressbar updates to display the new location of the\n loaded resource, including SSL indicators, while the main\n window still displays the previously loaded content. This\n allows for phishing attacks where a malicious page can\n spoof the identity of another seemingly secure site. (MFSA\n 2012-33 / CVE-2012-0479)\n\n\n", "edition": 1, "modified": "2012-06-02T02:08:30", "published": "2012-06-02T02:08:30", "id": "SUSE-SU-2012:0688-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00000.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "edition": 1, "description": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font 
parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\n\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "MFSA2012-21", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-21/", "type": "mozilla", "title": "Multiple security flaws fixed in FreeType v2.4.9", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:26:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1144", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1137"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0467\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple flaws were found in the way FreeType handled TrueType Font (TTF),\nGlyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and\nPostScript Type 1 fonts. If a specially-crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,\nCVE-2012-1144)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. 
If a specially-crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash.\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,\nCVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)\n\nRed Hat would like to thank Mateusz Jurczyk of the Google Security Team for\nreporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030597.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030601.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0467.html", "edition": 3, "modified": "2012-04-10T23:57:59", "published": "2012-04-10T21:09:43", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030597.html", "id": "CESA-2012:0467", "title": "freetype security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:53", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0515\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\nprevent potential exploits in malformed OpenType fonts. 
A web page\ncontaining malicious content could cause Firefox to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3062)\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nA web page containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2012-0470)\n\nA flaw was found in the way Firefox used its embedded Cairo library to\nrender certain fonts. A web page containing malicious content could cause\nFirefox to crash or, under certain conditions, possibly execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2012-0472)\n\nA flaw was found in the way Firefox rendered certain images using WebGL. A\nweb page containing malicious content could cause Firefox to crash or,\nunder certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2012-0471)\n\nA flaw was found in the way Firefox rendered certain graphics using WebGL.\nA web page containing malicious content could cause Firefox to crash.\n(CVE-2012-0473)\n\nA flaw in Firefox allowed the address bar to display a different website\nthan the one the user was visiting. 
An attacker could use this flaw to\nconceal a malicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS) attacks.\n(CVE-2012-0474)\n\nA flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\ncharacter sets. A web page containing malicious content could cause Firefox\nto run JavaScript code with the permissions of a different website.\n(CVE-2012-0477)\n\nA flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\nRSS or Atom content loaded over HTTPS caused Firefox to display the\naddress of said content in the location bar, but not the content in the\nmain window. The previous content continued to be displayed. An attacker\ncould use this flaw to perform phishing attacks, or trick users into\nthinking they are visiting the site reported by the location bar, when the\npage is actually content controlled by an attacker. (CVE-2012-0479)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.4 ESR. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030631.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030635.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0515.html", "edition": 3, "modified": "2012-04-25T03:51:02", "published": "2012-04-25T01:27:20", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030631.html", "id": "CESA-2012:0515", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:34:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0516\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was 
found in Sanitiser for OpenType (OTS), used by Thunderbird to\nhelp prevent potential exploits in malformed OpenType fonts. Malicious\ncontent could cause Thunderbird to crash or, under certain conditions,\npossibly execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo library to\nrender certain fonts. Malicious content could cause Thunderbird to crash\nor, under certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics using\nWebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website field\nto display the address of different content than the content the user was\nvisiting. 
An attacker could use this flaw to conceal a malicious URL,\npossibly tricking a user into believing they are viewing a trusted site, or\nallowing scripts to be loaded from the attacker's site, possibly leading to\ncross-site scripting (XSS) attacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird handled\nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused\nThunderbird to display the address of said content, but not the content.\nThe previous content continued to be displayed. An attacker could use this\nflaw to perform phishing attacks, or trick users into thinking they are\nvisiting the site reported by the Website field, when the page is actually\ncontent controlled by an attacker. (CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. 
It could be exploited another way\nin Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030632.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030638.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/042966.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0516.html", "edition": 4, "modified": "2012-04-25T03:54:23", "published": "2012-04-25T01:30:17", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030632.html", "id": "CESA-2012:0516", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1144", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1137"], "description": "[2.3.11-6.el6_2.9]\n- Fix CVE-2012-{1126, 1127, 1130, 1131, 1132, 1134, 1136,\n 1137, 1139, 1140, 1141, 1142, 1143, 1144}\n- Properly initialize array 'result' in\n FT_Outline_Get_Orientation()\n- Check bytes per row for overflow in _bdf_parse_glyphs()\n- Resolves: #806268", "edition": 4, "modified": "2012-04-10T00:00:00", "published": "2012-04-10T00:00:00", "id": "ELSA-2012-0467", "href": "http://linux.oracle.com/errata/ELSA-2012-0467.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", 
"CVE-2012-0467", "CVE-2012-0471"], "description": "firefox:\n[10.0.4-1.0.1.el6_2]\n- Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js\n[10.0.4-1]\n- Update to 10.0.4 ESR\nxulrunner:\n[10.0.4-1.0.1.el6_2]\n- Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n[10.0.4-1]\n- Update to 10.0.4 ESR\n[10.0.3-3]\n- Fixed mozbz#746112 - ppc(64) freeze\n[10.0.3-2]\n- Fixed mozbz#681937", "edition": 4, "modified": "2012-04-25T00:00:00", "published": "2012-04-25T00:00:00", "id": "ELSA-2012-0515", "href": "http://linux.oracle.com/errata/ELSA-2012-0515.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "[10.0.4-1.0.1.el6_2]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[10.0.4-1]\n- Update to 10.0.4 ESR", "edition": 4, "modified": "2012-04-25T00:00:00", "published": "2012-04-25T00:00:00", "id": "ELSA-2012-0516", "href": "http://linux.oracle.com/errata/ELSA-2012-0516.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1126", "CVE-2012-1127", "CVE-2012-1130", "CVE-2012-1131", "CVE-2012-1132", "CVE-2012-1134", "CVE-2012-1136", "CVE-2012-1137", "CVE-2012-1139", "CVE-2012-1140", "CVE-2012-1141", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1144"], "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. 
It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple flaws were found in the way FreeType handled TrueType Font (TTF),\nGlyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and\nPostScript Type 1 fonts. If a specially-crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,\nCVE-2012-1144)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially-crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash.\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,\nCVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)\n\nRed Hat would like to thank Mateusz Jurczyk of the Google Security Team for\nreporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:28", "published": "2012-04-10T04:00:00", "id": "RHSA-2012:0467", "href": "https://access.redhat.com/errata/RHSA-2012:0467", "type": "redhat", "title": "(RHSA-2012:0467) Important: freetype security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3062", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479"], "description": "Mozilla Firefox is an open source web browser. 
XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\nprevent potential exploits in malformed OpenType fonts. A web page\ncontaining malicious content could cause Firefox to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3062)\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nA web page containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2012-0470)\n\nA flaw was found in the way Firefox used its embedded Cairo library to\nrender certain fonts. A web page containing malicious content could cause\nFirefox to crash or, under certain conditions, possibly execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2012-0472)\n\nA flaw was found in the way Firefox rendered certain images using WebGL. A\nweb page containing malicious content could cause Firefox to crash or,\nunder certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2012-0471)\n\nA flaw was found in the way Firefox rendered certain graphics using WebGL.\nA web page containing malicious content could cause Firefox to crash.\n(CVE-2012-0473)\n\nA flaw in Firefox allowed the address bar to display a different website\nthan the one the user was visiting. 
An attacker could use this flaw to\nconceal a malicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS) attacks.\n(CVE-2012-0474)\n\nA flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\ncharacter sets. A web page containing malicious content could cause Firefox\nto run JavaScript code with the permissions of a different website.\n(CVE-2012-0477)\n\nA flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\nRSS or Atom content loaded over HTTPS caused Firefox to display the\naddress of said content in the location bar, but not the content in the\nmain window. The previous content continued to be displayed. An attacker\ncould use this flaw to perform phishing attacks, or trick users into\nthinking they are visiting the site reported by the location bar, when the\npage is actually content controlled by an attacker. (CVE-2012-0479)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.4 ESR. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n", "modified": "2018-06-06T20:24:26", "published": "2012-04-24T04:00:00", "id": "RHSA-2012:0515", "href": "https://access.redhat.com/errata/RHSA-2012:0515", "type": "redhat", "title": "(RHSA-2012:0515) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3062", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to\nhelp prevent potential exploits in malformed OpenType fonts. Malicious\ncontent could cause Thunderbird to crash or, under certain conditions,\npossibly execute arbitrary code with the privileges of the user running\nThunderbird. 
(CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo library to\nrender certain fonts. Malicious content could cause Thunderbird to crash\nor, under certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics using\nWebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website field\nto display the address of different content than the content the user was\nvisiting. An attacker could use this flaw to conceal a malicious URL,\npossibly tricking a user into believing they are viewing a trusted site, or\nallowing scripts to be loaded from the attacker's site, possibly leading to\ncross-site scripting (XSS) attacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. 
Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird handled\nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused\nThunderbird to display the address of said content, but not the content.\nThe previous content continued to be displayed. An attacker could use this\nflaw to perform phishing attacks, or trick users into thinking they are\nvisiting the site reported by the Website field, when the page is actually\ncontent controlled by an attacker. (CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. 
It could be exploited another way\nin Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n", "modified": "2018-06-06T20:24:24", "published": "2012-04-24T04:00:00", "id": "RHSA-2012:0516", "href": "https://access.redhat.com/errata/RHSA-2012:0516", "type": "redhat", "title": "(RHSA-2012:0516) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}