RedHat Update for freetype RHSA-2013:0216-01

RedHat Update for freetype RHSA-2013:0216-01 includes backported patch for processing certain Glyph Bitmap Distribution Format fonts, requiring X server restart for update to take effect

Reporter	Title	Published	Views	Family All 67
Amazon	Important: freetype	3 Feb 201300:00	–	amazon
Tenable Nessus	Amazon Linux AMI : freetype (ALAS-2013-150)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : freetype (CESA-2013:0216)	1 Feb 201300:00	–	nessus
Tenable Nessus	F5 Networks BIG-IP : BDF parsing vulnerability (K15095307)	3 Feb 201600:00	–	nessus
Tenable Nessus	Fedora 17 : freetype-2.4.8-4.fc17 (2013-1466)	13 Feb 201300:00	–	nessus
Tenable Nessus	Fedora 18 : freetype-2.4.10-3.fc18 (2013-1492)	5 Feb 201300:00	–	nessus
Tenable Nessus	GLSA-201402-16 : FreeType: Multiple vulnerabilities	12 Feb 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:006)	9 Feb 201300:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)	20 Apr 201300:00	–	nessus
Tenable Nessus	MiracleLinux 3 : freetype-2.2.1-32.1.0.1.AXS3 (AXSA:2013-108:01)	16 Jan 202600:00	–	nessus

Source	Link
redhat	www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html

###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for freetype RHSA-2013:0216-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "FreeType is a free, high-quality, portable font engine that can open and
  manage font files. It also loads, hints, and renders individual glyphs
  efficiently.

  A flaw was found in the way the FreeType font rendering engine processed
  certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a
  specially-crafted font file with an application linked against FreeType, it
  could cause the application to crash or, possibly, execute arbitrary code
  with the privileges of the user running the application. (CVE-2012-5669)

  Users are advised to upgrade to these updated packages, which contain a
  backported patch to correct this issue. The X server must be restarted (log
  out, then log back in) for this update to take effect.";


tag_affected = "freetype on Red Hat Enterprise Linux (v. 5 server),
  Red Hat Enterprise Linux Desktop (v. 6),
  Red Hat Enterprise Linux Server (v. 6),
  Red Hat Enterprise Linux Workstation (v. 6)";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2013-January/msg00063.html");
  script_id(870901);
  script_version("$Revision: 8466 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $");
  script_tag(name:"creation_date", value:"2013-02-04 09:54:23 +0530 (Mon, 04 Feb 2013)");
  script_cve_id("CVE-2012-5669");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_xref(name: "RHSA", value: "2013:0216-01");
  script_name("RedHat Update for freetype RHSA-2013:0216-01");

  script_tag(name: "summary" , value: "Check for the Version of freetype");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_6")
{

  if ((res = isrpmvuln(pkg:"freetype", rpm:"freetype~2.3.11~14.el6_3.1", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-debuginfo", rpm:"freetype-debuginfo~2.3.11~14.el6_3.1", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-devel", rpm:"freetype-devel~2.3.11~14.el6_3.1", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"freetype", rpm:"freetype~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-debuginfo", rpm:"freetype-debuginfo~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-demos", rpm:"freetype-demos~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"freetype-devel", rpm:"freetype-devel~2.2.1~32.el5_9.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

19 Jan 2018 00:00Current

EPSS0.01687