ID: ELSA-2009-0329
Type: oraclelinux
Reporter: Oracle
Modified: 2009-05-26T00:00:00
Description
[2.1.9-10.el4.7]
- Improve freetype-1.4pre-CVE-2008-1808.patch

[2.1.9-9.el4.7]
- Add freetype-2009-CVEs.patch (Fixes CVE-2009-0946)
  (Doesn't apply to freetype1)
- Add freetype-1.4pre-CVE-2008-1808.patch
  (Corresponds to freetype-2.3.5-CVEs.patch)
- Add freetype-pre1.4-ttf-overflow.patch
  (Corresponds to freetype-2.1.9-ttf-overflow.patch;
  freetype-2.2.1-bdf-overflow.patch doesn't apply to freetype1)
- Add freetype-pre1.4-CVE-2006-1861-null-pointer.patch
  (Corresponds to freetype-2.1.9-CVE-2006-1861-null-pointer.patch;
  The rest of CVE-2006-1861 doesn't apply to freetype1)
- Resolves: #484443

[2.1.9-8.1.el4]
- Update patches to remove fuzz, such that it builds again
- In preparation to fix:
- Resolves: #484443
{"cve": [{"lastseen": "2018-10-12T11:33:45", "bulletinFamily": "NVD", "description": "Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.", "modified": "2018-10-11T16:37:07", "published": "2008-06-16T15:41:00", "id": "CVE-2008-1808", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1808", "title": "CVE-2008-1808", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-19T11:35:58", "bulletinFamily": "NVD", "description": "Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. 
NOTE: item 4 was originally identified by CVE-2006-2493.", "modified": "2018-10-18T12:36:46", "published": "2006-05-23T06:06:00", "id": "CVE-2006-1861", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1861", "title": "CVE-2006-1861", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T15:06:09", "bulletinFamily": "NVD", "description": "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.", "modified": "2018-10-16T12:45:17", "published": "2007-05-17T18:30:00", "id": "CVE-2007-2754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2754", "title": "CVE-2007-2754", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-29T14:26:32", "bulletinFamily": "NVD", "description": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.", "modified": "2017-09-28T21:34:06", "published": "2009-04-16T20:30:00", "id": "CVE-2009-0946", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0946", "title": "CVE-2009-0946", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:14:16", "bulletinFamily": "scanner", "description": "Tavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. 
If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType® Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2008-1808)\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.", "modified": "2019-01-02T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20090522_FREETYPE_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60588", "title": "Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60588);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/02 10:36:42\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType® Font (TTF) files. 
If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2008-1808)\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=1789\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a7782c2c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"freetype-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-demos-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-devel-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"freetype-utils-2.1.4-12.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-10.el4.7\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-21.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-21.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-21.el5_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:19", "bulletinFamily": "scanner", "description": "Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. 
(CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as\ndistributed in Red Hat Enterprise Linux 3 and 4, as they are not\ncompiled with TrueType BCI support. A fix for this flaw has been\nincluded in this update as users may choose to recompile the freetype\npackages in order to enable TrueType BCI support. Red Hat does not,\nhowever, provide support for modified and recompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861,\nCVE-2007-2754, and CVE-2008-1808 flaws were addressed via\nRHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This\nupdate provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise\nLinux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2018-12-20T00:00:00", "published": "2009-05-23T00:00:00", "id": "REDHAT-RHSA-2009-0329.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38870", "title": "RHEL 3 / 4 : freetype (RHSA-2009:0329)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0329. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38870);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_bugtraq_id(24074, 29637, 29639, 34550);\n script_xref(name:\"RHSA\", value:\"2009:0329\");\n\n script_name(english:\"RHEL 3 / 4 : freetype (RHSA-2009:0329)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. 
(CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as\ndistributed in Red Hat Enterprise Linux 3 and 4, as they are not\ncompiled with TrueType BCI support. A fix for this flaw has been\nincluded in this update as users may choose to recompile the freetype\npackages in order to enable TrueType BCI support. Red Hat does not,\nhowever, provide support for modified and recompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861,\nCVE-2007-2754, and CVE-2008-1808 flaws were addressed via\nRHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This\nupdate provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise\nLinux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0946\"\n );\n # http://www.redhat.com/support/policy/soc/production/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/en/services/support\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0329\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0329\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-2.1.4-12.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"freetype-devel-2.1.4-12.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-10.el4.7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-10.el4.7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-10.el4.7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-10.el4.7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:19", "bulletinFamily": "scanner", "description": "Updated 
freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. 
(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as\ndistributed in Red Hat Enterprise Linux 3 and 4, as they are not\ncompiled with TrueType BCI support. A fix for this flaw has been\nincluded in this update as users may choose to recompile the freetype\npackages in order to enable TrueType BCI support. Red Hat does not,\nhowever, provide support for modified and recompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861,\nCVE-2007-2754, and CVE-2008-1808 flaws were addressed via\nRHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This\nupdate provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise\nLinux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-10T00:00:00", "published": "2009-05-23T00:00:00", "id": "CENTOS_RHSA-2009-0329.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38867", "title": "CentOS 3 / 4 : freetype (CESA-2009:0329)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0329 and \n# CentOS Errata and Security Advisory 2009:0329 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38867);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_bugtraq_id(24074, 29637, 29639, 34550);\n script_xref(name:\"RHSA\", value:\"2009:0329\");\n\n script_name(english:\"CentOS 3 / 4 : freetype (CESA-2009:0329)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. 
(CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as\ndistributed in Red Hat Enterprise Linux 3 and 4, as they are not\ncompiled with TrueType BCI support. A fix for this flaw has been\nincluded in this update as users may choose to recompile the freetype\npackages in order to enable TrueType BCI support. Red Hat does not,\nhowever, provide support for modified and recompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861,\nCVE-2007-2754, and CVE-2008-1808 flaws were addressed via\nRHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This\nupdate provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise\nLinux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffa19826\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015888.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4b98262\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015932.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56b1dd2b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015936.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7732f16f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/23\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"freetype-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"freetype-demos-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"freetype-devel-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"freetype-utils-2.1.4-12.el3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"freetype-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"freetype-demos-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"freetype-devel-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"freetype-utils-2.1.9-10.el4.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:31", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2009:0329 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. 
(CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as\ndistributed in Red Hat Enterprise Linux 3 and 4, as they are not\ncompiled with TrueType BCI support. A fix for this flaw has been\nincluded in this update as users may choose to recompile the freetype\npackages in order to enable TrueType BCI support. Red Hat does not,\nhowever, provide support for modified and recompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861,\nCVE-2007-2754, and CVE-2008-1808 flaws were addressed via\nRHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This\nupdate provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise\nLinux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2009-0329.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67813", "title": "Oracle Linux 3 / 4 : freetype (ELSA-2009-0329)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0329 and \n# Oracle Linux Security Advisory ELSA-2009-0329 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67813);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_bugtraq_id(24074, 29637, 29639, 34550);\n script_xref(name:\"RHSA\", value:\"2009:0329\");\n\n script_name(english:\"Oracle Linux 3 / 4 : freetype (ELSA-2009-0329)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0329 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. 
If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when\nthe TrueType virtual machine Byte Code Interpreter (BCI) is enabled.\nIf a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as\ndistributed in Red Hat Enterprise Linux 3 and 4, as they are not\ncompiled with TrueType BCI support. A fix for this flaw has been\nincluded in this update as users may choose to recompile the freetype\npackages in order to enable TrueType BCI support. Red Hat does not,\nhowever, provide support for modified and recompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861,\nCVE-2007-2754, and CVE-2008-1808 flaws were addressed via\nRHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. 
This\nupdate provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise\nLinux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-May/001010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-May/001017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"freetype-devel-2.1.4-12.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.4-12.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-10.el4.7\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-10.el4.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:19", "bulletinFamily": "scanner", "description": "Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. 
It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and\nCVE-2007-2754 flaws were addressed via RHSA-2006:0500 and\nRHSA-2007:0403 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype\npackages distributed in Red Hat Enterprise Linux 2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-27T00:00:00", "published": "2009-05-23T00:00:00", "id": "REDHAT-RHSA-2009-1062.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38874", "title": "RHEL 2.1 : freetype (RHSA-2009:1062)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1062. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38874);\n script_version (\"1.26\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2009-0946\");\n script_bugtraq_id(24074, 34550);\n script_xref(name:\"RHSA\", value:\"2009:1062\");\n\n script_name(english:\"RHEL 2.1 : freetype (RHSA-2009:1062)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. These packages provide both the FreeType 1 and\nFreeType 2 font engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. 
If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType 2, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType\nfont engine. If a user loaded a carefully-crafted font file with an\napplication linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType(r) Font (TTF) files. If a user loaded a\ncarefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and\nCVE-2007-2754 flaws were addressed via RHSA-2006:0500 and\nRHSA-2007:0403 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype\npackages distributed in Red Hat Enterprise Linux 2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1062\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype, freetype-devel and / or freetype-utils\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1062\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"freetype-2.0.3-17.el21\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"freetype-devel-2.0.3-17.el21\")) flag++;\n if 
(rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"freetype-utils-2.0.3-17.el21\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:20", "bulletinFamily": "scanner", "description": "Port of freetype2 security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-21T00:00:00", "published": "2009-05-28T00:00:00", "id": "FEDORA_2009-5644.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38943", "title": "Fedora 11 : freetype1-1.4-0.8.pre.fc11 (2009-5644)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-5644.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38943);\n script_version (\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:50:38 $\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\");\n script_xref(name:\"FEDORA\", value:\"2009-5644\");\n\n script_name(english:\"Fedora 11 : freetype1-1.4-0.8.pre.fc11 (2009-5644)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Port of freetype2 
security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502565\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/024302.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b616ab4c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"freetype1-1.4-0.8.pre.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:09:20", "bulletinFamily": "scanner", "description": "Port of freetype2 security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-21T00:00:00", "published": "2009-05-28T00:00:00", "id": "FEDORA_2009-5558.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38938", "title": "Fedora 10 : freetype1-1.4-0.8.pre.fc10 (2009-5558)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-5558.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38938);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:50:37 $\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\");\n script_bugtraq_id(24074);\n script_xref(name:\"FEDORA\", value:\"2009-5558\");\n\n script_name(english:\"Fedora 10 : freetype1-1.4-0.8.pre.fc10 (2009-5558)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Port of freetype2 security fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502565\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/024217.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ccf02f2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"freetype1-1.4-0.8.pre.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:10:39", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201006-01\n(FreeType 1: User-assisted execution of arbitrary code)\n\n Multiple issues found in FreeType 2 were also discovered in FreeType 1.\n For details on these issues, please review the Gentoo Linux Security\n Advisories and CVE identifiers referenced below.\nImpact :\n\n A remote attacker could entice a user to open a specially crafted TTF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user running FreeType.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-11-14T00:00:00", "published": "2010-06-02T00:00:00", "id": "GENTOO_GLSA-201006-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46768", "title": "GLSA-201006-01 : FreeType 1: User-assisted execution of arbitrary code", "type": "nessus", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201006-01.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46768);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\");\n script_xref(name:\"GLSA\", value:\"201006-01\");\n\n script_name(english:\"GLSA-201006-01 : FreeType 1: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201006-01\n(FreeType 1: User-assisted execution of arbitrary code)\n\n Multiple issues found in FreeType 2 were also discovered in FreeType 1.\n For details on these issues, please review the Gentoo Linux Security\n Advisories and CVE identifiers referenced below.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted TTF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user running FreeType.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200607-02\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200705-22\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201006-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\n\"All FreeType 1 users should upgrade to an unaffected version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-1.4_pre20080316-r2'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since May 27, 2009. It is likely that your system is already\n no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 1.4_pre20080316-r2\"), vulnerable:make_list(\"lt 1.4_pre20080316-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType 1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:16", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nCVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier\nallow remote attackers to execute arbitrary code via vectors related\nto large values in certain inputs in (1) smooth/ftsmooth.c, (2)\nsfnt/ttcmap.c, and (3) cff/cffload.c.\n\nCVE-2008-1806 Integer overflow in FreeType2 before 2.3.6 allows\ncontext-dependent attackers to execute arbitrary code via a crafted\nset of 16-bit length values within the Private dictionary table in a\nPrinter Font Binary (PFB) file, which triggers a heap-based buffer\noverflow.\n\nCVE-2008-1807 FreeType2 before 2.3.6 allow context-dependent attackers\nto execute arbitrary code via an invalid 'number of axes' 
field in a\nPrinter Font Binary (PFB) file, which triggers a free of arbitrary\nmemory locations, leading to memory corruption.\n\nCVE-2008-1808 Multiple off-by-one errors in FreeType2 before 2.3.6\nallow context-dependent attackers to execute arbitrary code via (1) a\ncrafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC\ninstruction in a TrueType Font (TTF) file, which triggers a heap-based\nbuffer overflow.\n\n - Add freetype-2009-CVEs.patch\n\n - Resolves: #496111\n\n - Add freetype-2.3.5-CVEs.patch\n\n - Resolves: #450910", "modified": "2017-02-14T00:00:00", "published": "2014-11-26T00:00:00", "id": "ORACLEVM_OVMSA-2009-0012.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79459", "title": "OracleVM 2.1 : freetype (OVMSA-2009-0012)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2009-0012.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79459);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2017/02/14 17:16:23 $\");\n\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_bugtraq_id(29637, 29639, 29640, 29641, 34550);\n\n script_name(english:\"OracleVM 2.1 : freetype (OVMSA-2009-0012)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nCVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier\nallow remote attackers to execute arbitrary code via vectors related\nto large values in certain inputs in (1) smooth/ftsmooth.c, (2)\nsfnt/ttcmap.c, and (3) cff/cffload.c.\n\nCVE-2008-1806 Integer 
overflow in FreeType2 before 2.3.6 allows\ncontext-dependent attackers to execute arbitrary code via a crafted\nset of 16-bit length values within the Private dictionary table in a\nPrinter Font Binary (PFB) file, which triggers a heap-based buffer\noverflow.\n\nCVE-2008-1807 FreeType2 before 2.3.6 allow context-dependent attackers\nto execute arbitrary code via an invalid 'number of axes' field in a\nPrinter Font Binary (PFB) file, which triggers a free of arbitrary\nmemory locations, leading to memory corruption.\n\nCVE-2008-1808 Multiple off-by-one errors in FreeType2 before 2.3.6\nallow context-dependent attackers to execute arbitrary code via (1) a\ncrafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC\ninstruction in a TrueType Font (TTF) file, which triggers a heap-based\nbuffer overflow.\n\n - Add freetype-2009-CVEs.patch\n\n - Resolves: #496111\n\n - Add freetype-2.3.5-CVEs.patch\n\n - Resolves: #450910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"2\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.1\", reference:\"freetype-2.2.1-21.el5_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:06:43", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200607-02\n(FreeType: Multiple integer overflows)\n\n Multiple integer overflows exist in a variety of files (bdf/bdflib.c,\n sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c).\nImpact :\n\n A remote attacker could exploit these buffer overflows by enticing a\n user to load a specially crafted font, which could 
result in the\n execution of arbitrary code.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "published": "2006-07-10T00:00:00", "id": "GENTOO_GLSA-200607-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22009", "title": "GLSA-200607-02 : FreeType: Multiple integer overflows", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200607-02.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22009);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2006-1861\");\n script_xref(name:\"GLSA\", value:\"200607-02\");\n\n script_name(english:\"GLSA-200607-02 : FreeType: Multiple integer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200607-02\n(FreeType: Multiple integer overflows)\n\n Multiple integer overflows exist in a variety of files (bdf/bdflib.c,\n sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c).\n \nImpact :\n\n A remote attacker could exploit these buffer overflows by enticing a\n user to load a specially crafted font, which could result in the\n execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200607-02\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FreeType users should upgrade to the latest stable version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.1.10-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.1.10-r2\", \"lt 2.0\"), vulnerable:make_list(\"lt 2.1.10-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0329\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. 
If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015888.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015932.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015934.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015936.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015939.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0329.html", "modified": "2009-05-25T21:21:29", "published": "2009-05-22T15:02:05", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015887.html", "id": "CESA-2009:0329", "title": "freetype security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:56", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1061\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. 
The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015893.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015894.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1061.html", "modified": "2009-05-22T22:25:29", "published": "2009-05-22T22:25:29", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015893.html", "id": "CESA-2009:1061", "title": "freetype security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:50", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0403-01\n\n\nFreeType is a free, high-quality, portable font engine.\r\n\r\nAn integer overflow flaw was found in the way the FreeType font engine\r\nprocessed TTF font files. If a user loaded a carefully crafted font file\r\nwith a program linked against FreeType, it could cause the application to\r\ncrash or execute arbitrary code. While it is uncommon for a user to\r\nexplicitly load a font file, there are several application file formats\r\nwhich contain embedded fonts that are parsed by FreeType. 
(CVE-2007-2754)\r\n\r\nUsers of FreeType should upgrade to these updated packages, which contain\r\na backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013901.html\n\n**Affected packages:**\nfreetype\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2007-06-12T00:56:26", "published": "2007-06-12T00:56:26", "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013901.html", "id": "CESA-2007:0403-01", "title": "freetype security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-27T10:56:39", "bulletinFamily": "scanner", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. 
(CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64018", "id": "OPENVAS:64018", "title": "RedHat Security Advisory RHSA-2009:0329", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0329.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0329 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. 
If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64018);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0329\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0329.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/support/policy/soc/production/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:03", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2018-04-06T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880679", "title": "CentOS Update for freetype CESA-2009:0329 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2009:0329 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2\n font engines.\n\n Tavis Ormandy of the Google Security Team discovered several integer\n overflow flaws in the FreeType 2 font engine. If a user loaded a\n carefully-crafted font file with an application linked against FreeType 2,\n it could cause the application to crash or, possibly, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2009-0946)\n \n Chris Evans discovered multiple integer overflow flaws in the FreeType font\n engine. If a user loaded a carefully-crafted font file with an application\n linked against FreeType, it could cause the application to crash or,\n possibly, execute arbitrary code with the privileges of the user running\n the application. (CVE-2006-1861)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed TrueType Font (TTF) files. If a user loaded a carefully-crafted\n font file with an application linked against FreeType, it could cause the\n application to crash or, possibly, execute arbitrary code with the\n privileges of the user running the application. (CVE-2007-2754)\n \n A flaw was discovered in the FreeType TTF font-file format parser when the\n TrueType virtual machine Byte Code Interpreter (BCI) is enabled. 
If a user\n loaded a carefully-crafted font file with an application linked against\n FreeType, it could cause the application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2008-1808)\n \n The CVE-2008-1808 flaw did not affect the freetype packages as distributed\n in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\n BCI support. A fix for this flaw has been included in this update as users\n may choose to recompile the freetype packages in order to enable TrueType\n BCI support. Red Hat does not, however, provide support for modified and\n recompiled packages.\n \n Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\n and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\n and RHSA-2008:0556 respectively. This update provides corresponding\n updates for the FreeType 1 font engine, included in the freetype packages\n distributed in Red Hat Enterprise Linux 3 and 4.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880679\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0329\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_name(\"CentOS Update for freetype CESA-2009:0329 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", 
rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:45", "bulletinFamily": "scanner", "description": "The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.", "modified": "2018-04-06T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064061", "id": "OPENVAS:136141256231064061", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0329 (freetype)", "sourceData": "#CESA-2009:0329 64061 6\n# $Id: ovcesa2009_0329.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0329 (freetype)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0329\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0329\nhttps://rhn.redhat.com/errata/RHSA-2009-0329.html\";\ntag_summary = \"The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64061\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0329 (freetype)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:07", "bulletinFamily": "scanner", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. 
If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064018", "id": "OPENVAS:136141256231064018", "title": "RedHat Security Advisory RHSA-2009:0329", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0329.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0329 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. 
If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. 
This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64018\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0329\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0329.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/support/policy/soc/production/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n 
exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:16", "bulletinFamily": "scanner", "description": "The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.", "modified": "2017-07-10T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64061", "id": "OPENVAS:64061", "title": "CentOS Security Advisory CESA-2009:0329 (freetype)", "type": "openvas", "sourceData": "#CESA-2009:0329 64061 6\n# $Id: ovcesa2009_0329.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0329 (freetype)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0329\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0329\nhttps://rhn.redhat.com/errata/RHSA-2009-0329.html\";\ntag_summary = \"The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.\";\n\n\n\nif(description)\n{\n script_id(64061);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0329 (freetype)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:42", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880679", "id": "OPENVAS:880679", "title": "CentOS Update for freetype CESA-2009:0329 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2009:0329 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2\n font engines.\n\n Tavis Ormandy of the Google Security Team discovered several integer\n overflow flaws in the FreeType 2 font engine. If a user loaded a\n carefully-crafted font file with an application linked against FreeType 2,\n it could cause the application to crash or, possibly, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2009-0946)\n \n Chris Evans discovered multiple integer overflow flaws in the FreeType font\n engine. If a user loaded a carefully-crafted font file with an application\n linked against FreeType, it could cause the application to crash or,\n possibly, execute arbitrary code with the privileges of the user running\n the application. (CVE-2006-1861)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed TrueType Font (TTF) files. 
If a user loaded a carefully-crafted\n font file with an application linked against FreeType, it could cause the\n application to crash or, possibly, execute arbitrary code with the\n privileges of the user running the application. (CVE-2007-2754)\n \n A flaw was discovered in the FreeType TTF font-file format parser when the\n TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\n loaded a carefully-crafted font file with an application linked against\n FreeType, it could cause the application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2008-1808)\n \n The CVE-2008-1808 flaw did not affect the freetype packages as distributed\n in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\n BCI support. A fix for this flaw has been included in this update as users\n may choose to recompile the freetype packages in order to enable TrueType\n BCI support. Red Hat does not, however, provide support for modified and\n recompiled packages.\n \n Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\n and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\n and RHSA-2008:0556 respectively. This update provides corresponding\n updates for the FreeType 1 font engine, included in the freetype packages\n distributed in Red Hat Enterprise Linux 3 and 4.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. 
The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\");\n script_id(880679);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0329\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_name(\"CentOS Update for freetype CESA-2009:0329 centos3 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", 
rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:35", "bulletinFamily": "scanner", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. 
(CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64022", "id": "OPENVAS:64022", "title": "RedHat Security Advisory RHSA-2009:1062", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1062.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1062 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64022);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1062\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1062.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", 
rpm:\"freetype-utils~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:56", "bulletinFamily": "scanner", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The X server must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064022", "id": "OPENVAS:136141256231064022", "title": "RedHat Security Advisory RHSA-2009:1062", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1062.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1062 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. 
If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64022\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1062\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1062.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n 
exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update to freetype1\nannounced via advisory FEDORA-2009-5644.", "modified": "2018-04-06T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064073", "id": "OPENVAS:136141256231064073", "title": "Fedora Core 11 FEDORA-2009-5644 (freetype1)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5644.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5644 (freetype1)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nPort of freetype2 security fixes\n\nChangeLog:\n\n* Tue May 26 2009 Adam Jackson 1.4-0.8.pre\n- cve-2006-1861.patch, cve-2007-2754.patch: Port of freetype2 fixes. 
(#502565)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update freetype1' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5644\";\ntag_summary = \"The remote host is missing an update to freetype1\nannounced via advisory FEDORA-2009-5644.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64073\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-5644 (freetype1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=502565\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype1\", rpm:\"freetype1~1.4~0.8.pre.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype1-devel\", rpm:\"freetype1-devel~1.4~0.8.pre.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype1-utils\", rpm:\"freetype1-utils~1.4~0.8.pre.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype1-debuginfo\", rpm:\"freetype1-debuginfo~1.4~0.8.pre.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update to freetype1\nannounced via advisory FEDORA-2009-5558.", "modified": "2017-07-10T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64081", "id": "OPENVAS:64081", "title": "Fedora Core 10 FEDORA-2009-5558 (freetype1)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5558.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from 
advisory FEDORA-2009-5558 (freetype1)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nPort of freetype2 security fixes\n\nChangeLog:\n\n* Tue May 26 2009 Adam Jackson 1.4-0.8.pre\n- cve-2006-1861.patch, cve-2007-2754.patch: Port of freetype2 fixes. (#502565)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update freetype1' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5558\";\ntag_summary = \"The remote host is missing an update to freetype1\nannounced via advisory FEDORA-2009-5558.\";\n\n\n\nif(description)\n{\n script_id(64081);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-5558 (freetype1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=502565\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype1\", rpm:\"freetype1~1.4~0.8.pre.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype1-devel\", rpm:\"freetype1-devel~1.4~0.8.pre.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype1-utils\", 
rpm:\"freetype1-utils~1.4~0.8.pre.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype1-debuginfo\", rpm:\"freetype1-debuginfo~1.4~0.8.pre.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:45:57", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. 
If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-05-22T04:00:00", "id": "RHSA-2009:0329", "href": "https://access.redhat.com/errata/RHSA-2009:0329", "type": "redhat", "title": "(RHSA-2009:0329) Important: freetype security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:05", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. 
If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2018-03-14T19:26:35", "published": "2009-05-22T04:00:00", "id": "RHSA-2009:1062", "href": "https://access.redhat.com/errata/RHSA-2009:1062", "type": "redhat", "title": "(RHSA-2009:1062) Important: freetype security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:54", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. 
It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "modified": "2017-09-08T12:17:05", "published": "2009-05-22T04:00:00", "id": "RHSA-2009:1061", "href": "https://access.redhat.com/errata/RHSA-2009:1061", "type": "redhat", "title": "(RHSA-2009:1061) Important: freetype security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "description": "### Background\n\nFreeType is a True Type Font rendering library. \n\n### Description\n\nMultiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll FreeType 1 users should upgrade to an unaffected version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-1.4_pre20080316-r2\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 27, 2009. 
It is likely that your system is already no longer affected by this issue.", "modified": "2010-06-01T00:00:00", "published": "2010-06-01T00:00:00", "id": "GLSA-201006-01", "href": "https://security.gentoo.org/glsa/201006-01", "type": "gentoo", "title": "FreeType 1: User-assisted execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "description": "### Background\n\nFreeType is a portable font engine. \n\n### Description\n\nMultiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c). \n\n### Impact\n\nA remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which could result in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll FreeType users should upgrade to the latest stable version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.1.10-r2\"", "modified": "2006-09-03T00:00:00", "published": "2006-07-09T00:00:00", "id": "GLSA-200607-02", "href": "https://security.gentoo.org/glsa/200607-02", "type": "gentoo", "title": "FreeType: Multiple integer overflows", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "description": "### Background\n\nNoMachine's NX establishes remote connections to X11 desktops over small bandwidth links. NX and NX Node are the compression core libraries, whereas NX is used by FreeNX and NX Node by the binary-only NX servers. \n\n### Description\n\nChris Evans reported an integer overflow within the FreeType PCF font file parser (CVE-2006-1861). NX and NX Node are vulnerable to this due to shipping XFree86 4.3.0, which includes the vulnerable FreeType code. 
\n\n### Impact\n\nA remote attacker could exploit these integer overflows by enticing a user to load a specially crafted PCF font file which might lead to the execution of arbitrary code with the privileges of the user on the machine running the NX server. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll NX users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/nx-3.0.0\"\n\nAll NX Node users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/nxnode-3.0.0-r3\"", "modified": "2007-10-09T00:00:00", "published": "2007-10-09T00:00:00", "id": "GLSA-200710-09", "href": "https://security.gentoo.org/glsa/200710-09", "type": "gentoo", "title": "NX 2.1: User-assisted execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "description": "### Background\n\nFreeType is a high-quality and portable font engine. \n\n### Description\n\nTavis Ormandy reported multiple integer overflows in the cff_charset_compute_cids() function in cff/cffload.c, sfnt/ttcmap.c and the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly leading to heap or stack-based buffer overflows. \n\n### Impact\n\nA remote attacker could entice a user or automated system to open a specially crafted font file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.3.9-r1\"", "modified": "2009-05-25T00:00:00", "published": "2009-05-24T00:00:00", "id": "GLSA-200905-05", "href": "https://security.gentoo.org/glsa/200905-05", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:39:02", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 29637,29639\r\nCVE(CAN) ID: CVE-2008-1808\r\n\r\nFreeType is a popular font library.\r\n\r\nThe FreeType code responsible for parsing PFB and TTF font files contains multiple heap overflow vulnerabilities.\r\n\r\nPFB files contain various data structures, some of which are stored in tabular format. When parsing these tables, the vulnerable code does not correctly validate a value used as an index into a heap buffer array. An off-by-one error in the calculation can lead to a heap overflow. 
\r\n\r\nTrueType font files contain font programs that execute in the TrueType virtual machine. One of the instructions is SHC, which is used to shift a contour in the font by a specified value. When parsing this instruction, the vulnerable code does not correctly validate an array index, which can lead to a one-byte heap overflow.\r\n\r\nIf a user is tricked into opening a malicious font file with an application that uses this library, these vulnerabilities are triggered, resulting in the execution of arbitrary instructions with the privileges of the application.\r\n\n\nFreeType FreeType 2.3.5\n FreeType\r\n--------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://download.savannah.gnu.org/releases/freetype/ft236.zip", "modified": "2008-06-14T00:00:00", "published": "2008-06-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3423", "id": "SSV:3423", "type": "seebug", "title": "FreeType2 PFB and TTF font parsing one-byte heap overflow vulnerabilities", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T21:19:25", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 34550\r\nCVE(CAN) ID: 
CVE-2009-0946\r\n\r\nFreeType is a popular font library.\r\n\r\nInteger overflow vulnerabilities exist in the cff_charset_compute_cids() function in cff/cffload.c, the ft_smooth_render_generic() function in smooth/ftsmooth.c, and multiple validation functions in sfnt/ttcmap.c of the FreeType library. If a user is tricked into opening a malformed font file, these overflows may be triggered, resulting in the execution of arbitrary code.\n\nFreeType 2.3.9\n FreeType\r\n--------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5", "modified": 
"2009-04-28T00:00:00", "published": "2009-04-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-5124", "id": "SSV:5124", "title": "FreeType multiple integer overflow vulnerabilities", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "slackware": [{"lastseen": "2018-08-31T02:37:04", "bulletinFamily": "unix", "description": "New x11 packages are available for Slackware 10.2 and -current to\nfix security issues. In addition, fontconfig and freetype have been\nsplit out from the x11 packages in -current, so if you run -current\nyou'll also need to install those new packages.\n\nMore details about the issues may be found here:\n\n http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/x11-6.8.2-i486-6_slack10.2.tgz:\n Patched some more possible linux 2.6.x setuid() related bugs:\n http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html\n Patched CVE-2006-1861 linux 2.6.x setuid() related bugs in freetype2.\n (* Security fix *)\npatches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz: Patched as above.\n (* Security fix *)\npatches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz: Rebuilt.\npatches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz: Rebuilt.\npatches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz: Rebuilt.\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-6_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/fontconfig-2.2.3-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/freetype-2.1.9-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-6.9.0-i486-5.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-devel-6.9.0-i486-5.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xdmx-6.9.0-i486-5.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xnest-6.9.0-i486-5.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xvfb-6.9.0-i486-5.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg x11-6.8.2-i486-6_slack10.2.tgz \\\n x11-devel-6.8.2-i486-6_slack10.2.tgz \\\n x11-xdmx-6.8.2-i486-6_slack10.2.tgz \\\n x11-xnest-6.8.2-i486-6_slack10.2.tgz \\\n x11-xvfb-6.8.2-i486-6_slack10.2.tgz", "modified": "2006-07-26T14:25:09", "published": "2006-07-26T14:25:09", "id": "SSA-2006-207-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.549901", "title": "x11", "type": "slackware", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "iDefense Security Advisory 06.10.08\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJun 10, 2008\r\n\r\nI. BACKGROUND\r\n\r\nFreeType2 is an open source library for parsing fonts that is used by\r\nmany applications. This includes projects such as X.Org, Second Life,\r\nand the Sun Java JRE. For more information, please see the vendor's\r\nwebsite at the following URL.\r\n\r\nhttp://freetype.sourceforge.net/freetype2/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of multiple heap overflow vulnerabilities in the\r\nFreeType2 library, as included in various vendors' operating systems,\r\ncould allow an attacker to execute arbitrary code with the privileges\r\nof the affected application.\r\n\r\nTwo vulnerabilities exist within the code responsible for parsing font\r\nfiles.\r\n\r\nThe first vulnerability occurs when parsing Printer Font Binary (PFB)\r\nformat font files. PFB files contain various data structures, some of\r\nwhich are stored in a tabular format. 
When parsing tables, the code\r\ndoesn't correctly validate a value used as an array index into a heap\r\nbuffer. The calculation contains an off-by-one error, which can result\r\nin a heap overflow.\r\n\r\nThe second vulnerability occurs when parsing TrueType Font (TTF) font\r\nfiles. TrueType font files contain "font programs" that are executed in\r\na TrueType virtual machine. One of the instructions in the instruction\r\nset is 'SHC', which is used to shift a contour in the font by a\r\nspecified value. When parsing this instruction, the code doesn't\r\ncorrectly validate an array index, which leads to an off-by-one heap\r\noverflow.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of these vulnerabilities results in the execution of\r\narbitrary code with the privileges of the application using the\r\nlibrary. Since FreeType2 is a library and not a standalone application,\r\nthe exploitation vector will vary. iDefense Labs verified that local\r\nprivilege escalation was possible via the X.Org Xserver.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of these vulnerabilities in\r\nFreeType2 version 2.3.5. Previous versions may also be affected.\r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any workarounds for these issues.\r\nChanging the permissions on the freetype.so library may not always be\r\neffective since applications that run with root privileges are not\r\nrestricted by file permissions.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe FreeType maintainers addressed these vulnerabilities with the\r\nrelease of version 2.3.6. For more information, refer to the release\r\nnotes at the following URL.\r\n\r\nhttp://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2008-1808 to this issue. 
This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n06/03/2008 Initial vendor notification\r\n06/04/2008 Initial vendor response\r\n06/10/2008 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThese vulnerabilities were reported to iDefense by regenrecht.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2008 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "modified": "2008-06-10T00:00:00", "published": "2008-06-10T00:00:00", "id": "SECURITYVULNS:DOC:20010", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20010", "title": "iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "description": "Multiple integer overflows.", "modified": "2009-05-25T00:00:00", "published": "2009-05-25T00:00:00", "id": "SECURITYVULNS:VULN:9934", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9934", "title": "FreeType integer overflows", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200905-05\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: FreeType: Multiple vulnerabilities\r\n Date: May 24, 2009\r\n Bugs: #263032\r\n ID: 200905-05\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple integer overflows in FreeType might allow for the remote\r\nexecution of arbitrary code or a Denial of Service.\r\n\r\nBackground\r\n==========\r\n\r\nFreeType is a high-quality and portable font engine.\r\n\r\nAffected packages\r\n=================\r\n\r\n 
-------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 media-libs/freetype < 2.3.9-r1 >= 2.3.9-r1\r\n\r\nDescription\r\n===========\r\n\r\nTavis Ormandy reported multiple integer overflows in the\r\ncff_charset_compute_cids() function in cff/cffload.c, sfnt/ttcmap.c and\r\nthe ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly\r\nleading to heap or stack-based buffer overflows.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could entice a user or automated system to open a\r\nspecially crafted font file, possibly resulting in the execution of\r\narbitrary code with the privileges of the user running the application,\r\nor a Denial of Service.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll FreeType users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.3.9-r1"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2009-0946\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200905-05.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users' machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2009 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "modified": "2009-05-25T00:00:00", "published": "2009-05-25T00:00:00", "id": "SECURITYVULNS:DOC:21883", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21883", "title": "[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:29", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1784-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 30th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : freetype\nVulnerability : integer overflows\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2009-0946\n\n\nTavis Ormandy discovered several integer overflows in FreeType, a library\nto process and access font files, resulting in heap- or stack-based\nbuffer overflows leading to application crashes or the execution\nof arbitrary code via a crafted font file.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.2.1-5+etch4.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.9-4.1.\n\n\nWe recommend that you upgrade your freetype 
packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-04-30T18:16:27", "published": "2009-04-30T18:16:27", "id": "DEBIAN:DSA-1784-1:4969D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00095.html", "title": "[SECURITY] [DSA 1784-1] New freetype packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:23", "bulletinFamily": "unix", "description": "Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. 
If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.", "modified": "2009-04-27T00:00:00", "published": "2009-04-27T00:00:00", "id": "USN-767-1", "href": "https://usn.ubuntu.com/767-1/", "title": "FreeType vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:36", "bulletinFamily": "unix", "description": "[2.2.1-21]\n- Add freetype-2009-CVEs.patch\n- Resolves: #496111 ", "modified": "2009-05-22T00:00:00", "published": "2009-05-22T00:00:00", "id": "ELSA-2009-1061", "href": "http://linux.oracle.com/errata/ELSA-2009-1061.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:27", "bulletinFamily": "unix", "description": "\nSecunia reports:\n\nSome vulnerabilities have been reported in FreeType, which can be\n\t exploited by malicious people to potentially compromise an application\n\t using the library.\nAn integer overflow error within the \"cff_charset_compute_cids()\"\n\t function in cff/cffload.c can be exploited to potentially cause a\n\t heap-based buffer overflow via a specially crafted font.\nMultiple integer overflow errors within validation functions in\n\t sfnt/ttcmap.c can be exploited to bypass length validations and\n\t potentially cause buffer overflows via specially crafted fonts.\nAn integer overflow error within the \"ft_smooth_render_generic()\"\n\t function in smooth/ftsmooth.c can be exploited to potentially cause a\n\t heap-based buffer overflow via a specially crafted font.\n\n", "modified": "2009-04-16T00:00:00", "published": "2009-04-16T00:00:00", "id": "20B4F284-2BFC-11DE-BDEB-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/20b4f284-2bfc-11de-bdeb-0030843d3802.html", "title": 
"freetype2 -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}