Test ID:	1.3.6.1.4.1.25623.1.0.61131
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0558
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0558. FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and TrueType Font (TTF) font-file format parsers. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, only affected the FreeType 1 library (libttf), shipped in the freetype packages in Red Hat Enterprise Linux 2.1. The FreeType 2 library (libfreetype) is not affected, as it is not compiled with TTF Byte Code Interpreter (BCI) support. Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0558.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1806 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 29640 http://www.securityfocus.com/bid/29640 Bugtraq: 20080814 rPSA-2008-0255-1 freetype (Google Search) http://www.securityfocus.com/archive/1/495497/100/0/threaded Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (Google Search) http://www.securityfocus.com/archive/1/495869/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://security.gentoo.org/glsa/glsa-200806-10.xml http://security.gentoo.org/glsa/glsa-201209-25.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321 http://www.redhat.com/support/errata/RHSA-2008-0556.html http://www.redhat.com/support/errata/RHSA-2008-0558.html http://securitytracker.com/id?1020238 http://secunia.com/advisories/30600 http://secunia.com/advisories/30721 http://secunia.com/advisories/30740 http://secunia.com/advisories/30766 http://secunia.com/advisories/30819 http://secunia.com/advisories/30821 http://secunia.com/advisories/30967 http://secunia.com/advisories/31479 http://secunia.com/advisories/31577 http://secunia.com/advisories/31707 http://secunia.com/advisories/31709 http://secunia.com/advisories/31711 http://secunia.com/advisories/31712 http://secunia.com/advisories/31823 http://secunia.com/advisories/31856 http://secunia.com/advisories/31900 http://secunia.com/advisories/33937 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://www.ubuntu.com/usn/usn-643-1 http://www.vupen.com/english/advisories/2008/1794 http://www.vupen.com/english/advisories/2008/1876/references http://www.vupen.com/english/advisories/2008/2423 http://www.vupen.com/english/advisories/2008/2466 http://www.vupen.com/english/advisories/2008/2525 http://www.vupen.com/english/advisories/2008/2558 Common Vulnerability Exposure (CVE) ID: CVE-2008-1807 BugTraq ID: 29641 http://www.securityfocus.com/bid/29641 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767 http://securitytracker.com/id?1020239 Common Vulnerability Exposure (CVE) ID: CVE-2008-1808 BugTraq ID: 29637 http://www.securityfocus.com/bid/29637 BugTraq ID: 29639 http://www.securityfocus.com/bid/29639 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11188 http://www.redhat.com/support/errata/RHSA-2009-0329.html http://securitytracker.com/id?1020240 http://secunia.com/advisories/35204
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.