 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.64021 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2009:1061 |
| Summary: | The remote host is missing updates to FreeType announced in;advisory RHSA-2009:1061.;;Tavis Ormandy of the Google Security Team discovered several integer;overflow flaws in the FreeType 2 font engine. If a user loaded a;carefully-crafted font file with an application linked against FreeType 2,;it could cause the application to crash or, possibly, execute arbitrary;code with the privileges of the user running the application.;(CVE-2009-0946);;Users are advised to upgrade to these updated packages, which contain a;backported patch to correct these issues. The X server must be restarted;(log out, then log back in) for this update to take effect. |
| Description: | Summary: The remote host is missing updates to FreeType announced in advisory RHSA-2009:1061. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0946 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html BugTraq ID: 34550 http://www.securityfocus.com/bid/34550 Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1784 (Google Search) http://www.debian.org/security/2009/dsa-1784 http://security.gentoo.org/glsa/glsa-200905-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:243 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149 http://www.redhat.com/support/errata/RHSA-2009-0329.html http://www.redhat.com/support/errata/RHSA-2009-1061.html http://www.redhat.com/support/errata/RHSA-2009-1062.html http://secunia.com/advisories/34723 http://secunia.com/advisories/34913 http://secunia.com/advisories/34967 http://secunia.com/advisories/35065 http://secunia.com/advisories/35074 http://secunia.com/advisories/35198 http://secunia.com/advisories/35200 http://secunia.com/advisories/35204 http://secunia.com/advisories/35210 http://secunia.com/advisories/35379 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1 SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://www.ubuntu.com/usn/USN-767-1 http://www.vupen.com/english/advisories/2009/1058 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2009/1621 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |