Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61593
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1635-1 (freetype)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to freetype
announced via advisory DSA 1635-1.

Several local vulnerabilities have been discovered in freetype,
a FreeType 2 font engine, which could allow the execution of arbitrary
code.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-1806
An integer overflow allows context-dependent attackers to execute
arbitrary code via a crafted set of values within the Private
dictionary table in a Printer Font Binary (PFB) file.

CVE-2008-1807
The handling of an invalid number of axes field in the PFB file could
trigger the freeing of aribtrary memory locations, leading to
memory corruption.

CVE-2008-1808
Multiple off-by-one errors allowed the execution of arbitrary code
via malformed tables in PFB files, or invalid SHC instructions in
TTF files.


For the stable distribution (etch), these problems have been fixed in version
2.2.1-5+etch3.

For the unstable distribution (sid), these problems have been fixed in
version 2.3.6-1.

We recommend that you upgrade your freetype package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201635-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1806
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 29640
http://www.securityfocus.com/bid/29640
Bugtraq: 20080814 rPSA-2008-0255-1 freetype (Google Search)
http://www.securityfocus.com/archive/1/495497/100/0/threaded
Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (Google Search)
http://www.securityfocus.com/archive/1/495869/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://securitytracker.com/id?1020238
http://secunia.com/advisories/30600
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
SuSE Security Announcement: SUSE-SR:2008:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/usn-643-1
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
Common Vulnerability Exposure (CVE) ID: CVE-2008-1807
BugTraq ID: 29641
http://www.securityfocus.com/bid/29641
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767
http://securitytracker.com/id?1020239
Common Vulnerability Exposure (CVE) ID: CVE-2008-1808
BugTraq ID: 29637
http://www.securityfocus.com/bid/29637
BugTraq ID: 29639
http://www.securityfocus.com/bid/29639
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11188
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://securitytracker.com/id?1020240
http://secunia.com/advisories/35204
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.