ID de Prueba:	1.3.6.1.4.1.25623.1.0.61219
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: freetype2
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: freetype2 CVE-2008-1806 Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. CVE-2008-1807 FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid 'number of axes' field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. CVE-2008-1808 Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1806 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 29640 http://www.securityfocus.com/bid/29640 Bugtraq: 20080814 rPSA-2008-0255-1 freetype (Google Search) http://www.securityfocus.com/archive/1/495497/100/0/threaded Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (Google Search) http://www.securityfocus.com/archive/1/495869/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://security.gentoo.org/glsa/glsa-200806-10.xml http://security.gentoo.org/glsa/glsa-201209-25.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321 http://www.redhat.com/support/errata/RHSA-2008-0556.html http://www.redhat.com/support/errata/RHSA-2008-0558.html http://securitytracker.com/id?1020238 http://secunia.com/advisories/30600 http://secunia.com/advisories/30721 http://secunia.com/advisories/30740 http://secunia.com/advisories/30766 http://secunia.com/advisories/30819 http://secunia.com/advisories/30821 http://secunia.com/advisories/30967 http://secunia.com/advisories/31479 http://secunia.com/advisories/31577 http://secunia.com/advisories/31707 http://secunia.com/advisories/31709 http://secunia.com/advisories/31711 http://secunia.com/advisories/31712 http://secunia.com/advisories/31823 http://secunia.com/advisories/31856 http://secunia.com/advisories/31900 http://secunia.com/advisories/33937 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://www.ubuntu.com/usn/usn-643-1 http://www.vupen.com/english/advisories/2008/1794 http://www.vupen.com/english/advisories/2008/1876/references http://www.vupen.com/english/advisories/2008/2423 http://www.vupen.com/english/advisories/2008/2466 http://www.vupen.com/english/advisories/2008/2525 http://www.vupen.com/english/advisories/2008/2558 Common Vulnerability Exposure (CVE) ID: CVE-2008-1807 BugTraq ID: 29641 http://www.securityfocus.com/bid/29641 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767 http://securitytracker.com/id?1020239 Common Vulnerability Exposure (CVE) ID: CVE-2008-1808 BugTraq ID: 29637 http://www.securityfocus.com/bid/29637 BugTraq ID: 29639 http://www.securityfocus.com/bid/29639 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11188 http://www.redhat.com/support/errata/RHSA-2009-0329.html http://securitytracker.com/id?1020240 http://secunia.com/advisories/35204
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.