RedHat Update for freetype RHSA-2013:0216-01 includes backported patch for processing certain Glyph Bitmap Distribution Format fonts, requiring X server restart for update to take effect
Reporter | Title | Published | Views | Family All 61 |
---|---|---|---|---|
![]() | CVE-2012-5669 | 24 Jan 201321:55 | – | debiancve |
![]() | [SECURITY] Fedora 18 Update: freetype-2.4.10-3.fc18 | 5 Feb 201302:57 | – | fedora |
![]() | [SECURITY] Fedora 17 Update: freetype-2.4.8-4.fc17 | 12 Feb 201305:14 | – | fedora |
![]() | RHEL 5 / 6 : freetype (RHSA-2013:0216) | 1 Feb 201300:00 | – | nessus |
![]() | Amazon Linux AMI : freetype (ALAS-2013-150) | 4 Sep 201300:00 | – | nessus |
![]() | Oracle Linux 5 / 6 : freetype (ELSA-2013-0216) | 12 Jul 201300:00 | – | nessus |
![]() | CentOS 5 / 6 : freetype (CESA-2013:0216) | 1 Feb 201300:00 | – | nessus |
![]() | F5 Networks BIG-IP : BDF parsing vulnerability (K15095307) | 3 Feb 201600:00 | – | nessus |
![]() | Scientific Linux Security Update : freetype on SL5.x, SL6.x i386/x86_64 (20130131) | 4 Feb 201300:00 | – | nessus |
![]() | Fedora 17 : freetype-2.4.8-4.fc17 (2013-1466) | 13 Feb 201300:00 | – | nessus |
Source | Link |
---|---|
redhat | www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html |
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for freetype RHSA-2013:0216-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.
A flaw was found in the way the FreeType font rendering engine processed
certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2012-5669)
Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.";
tag_affected = "freetype on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html");
script_id(870901);
script_version("$Revision: 8466 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $");
script_tag(name:"creation_date", value:"2013-02-04 09:54:23 +0530 (Mon, 04 Feb 2013)");
script_cve_id("CVE-2012-5669");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_xref(name: "RHSA", value: "2013:0216-01");
script_name("RedHat Update for freetype RHSA-2013:0216-01");
script_tag(name: "summary" , value: "Check for the Version of freetype");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_6")
{
if ((res = isrpmvuln(pkg:"freetype", rpm:"freetype~2.3.11~14.el6_3.1", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-debuginfo", rpm:"freetype-debuginfo~2.3.11~14.el6_3.1", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-devel", rpm:"freetype-devel~2.3.11~14.el6_3.1", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"freetype", rpm:"freetype~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-debuginfo", rpm:"freetype-debuginfo~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-demos", rpm:"freetype-demos~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freetype-devel", rpm:"freetype-devel~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo