Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64022
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1062
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates to FreeType announced in
advisory RHSA-2009:1062.

Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)

Chris Evans discovered multiple integer overflow flaws in the FreeType font
engine. If a user loaded a carefully-crafted font file with an application
linked against FreeType, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2006-1861)

An integer overflow flaw was found in the way the FreeType font engine
processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2007-2754)

Note: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754
flaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.
This update provides corresponding updates for the FreeType 1 font engine,
included in the freetype packages distributed in Red Hat Enterprise Linux
2.1.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1062.html
http://www.redhat.com/security/updates/classification/#important

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-1861
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 18034
http://www.securityfocus.com/bid/18034
Bugtraq: 20060612 rPSA-2006-0100-1 freetype (Google Search)
http://www.securityfocus.com/archive/1/436836/100/0/threaded
Debian Security Information: DSA-1095 (Google Search)
http://www.debian.org/security/2006/dsa-1095
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html
http://security.gentoo.org/glsa/glsa-200607-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124
http://www.redhat.com/support/errata/RHSA-2006-0500.html
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
http://securitytracker.com/id?1016522
http://secunia.com/advisories/20100
http://secunia.com/advisories/20525
http://secunia.com/advisories/20591
http://secunia.com/advisories/20638
http://secunia.com/advisories/20791
http://secunia.com/advisories/21000
http://secunia.com/advisories/21062
http://secunia.com/advisories/21135
http://secunia.com/advisories/21385
http://secunia.com/advisories/21701
http://secunia.com/advisories/23939
http://secunia.com/advisories/27162
http://secunia.com/advisories/27167
http://secunia.com/advisories/27271
http://secunia.com/advisories/33937
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://secunia.com/advisories/35233
SGI Security Advisory: 20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
SuSE Security Announcement: SUSE-SA:2006:037 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
https://usn.ubuntu.com/291-1/
http://www.vupen.com/english/advisories/2006/1868
http://www.vupen.com/english/advisories/2007/0381
XForce ISS Database: freetype-lwfn-overflow(26553)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26553
Common Vulnerability Exposure (CVE) ID: CVE-2007-2754
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 24074
http://www.securityfocus.com/bid/24074
Bugtraq: 20070524 FLEA-2007-0020-1: freetype (Google Search)
http://www.securityfocus.com/archive/1/469463/100/200/threaded
Bugtraq: 20070613 FLEA-2007-0025-1: openoffice.org (Google Search)
http://www.securityfocus.com/archive/1/471286/30/6180/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-1302 (Google Search)
http://www.debian.org/security/2007/dsa-1302
Debian Security Information: DSA-1334 (Google Search)
http://www.debian.org/security/2007/dsa-1334
http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml
http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:121
http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html
http://osvdb.org/36509
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5532
http://www.redhat.com/support/errata/RHSA-2007-0403.html
http://www.securitytracker.com/id?1018088
http://secunia.com/advisories/25350
http://secunia.com/advisories/25353
http://secunia.com/advisories/25386
http://secunia.com/advisories/25463
http://secunia.com/advisories/25483
http://secunia.com/advisories/25609
http://secunia.com/advisories/25612
http://secunia.com/advisories/25654
http://secunia.com/advisories/25705
http://secunia.com/advisories/25808
http://secunia.com/advisories/25894
http://secunia.com/advisories/25905
http://secunia.com/advisories/26129
http://secunia.com/advisories/26305
http://secunia.com/advisories/28298
http://secunia.com/advisories/30161
http://secunia.com/advisories/35074
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1
SuSE Security Announcement: SUSE-SA:2007:041 (Google Search)
http://www.novell.com/linux/security/advisories/2007_41_freetype2.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-466-1
http://www.vupen.com/english/advisories/2007/1894
http://www.vupen.com/english/advisories/2007/2229
http://www.vupen.com/english/advisories/2008/0049
http://www.vupen.com/english/advisories/2009/1297
Common Vulnerability Exposure (CVE) ID: CVE-2009-0946
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 34550
http://www.securityfocus.com/bid/34550
Debian Security Information: DSA-1784 (Google Search)
http://www.debian.org/security/2009/dsa-1784
http://security.gentoo.org/glsa/glsa-200905-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:243
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149
http://www.redhat.com/support/errata/RHSA-2009-1061.html
http://secunia.com/advisories/34723
http://secunia.com/advisories/34913
http://secunia.com/advisories/34967
http://secunia.com/advisories/35065
http://secunia.com/advisories/35198
http://secunia.com/advisories/35210
http://secunia.com/advisories/35379
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.ubuntu.com/usn/USN-767-1
http://www.vupen.com/english/advisories/2009/1058
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.