Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0607

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67746

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0607

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0607.

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4
provide both the FreeType 1 and FreeType 2 font engines. The freetype
packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font
engine.

Two stack overflow flaws were found in the way the FreeType font engine
processed certain Compact Font Format (CFF) character strings (opcodes). If
a user loaded a specially-crafted font file with an application linked
against FreeType, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-1797)

Red Hat would like to thank Braden Thomas of the Apple Product Security
team for reporting these issues.

Note: CVE-2010-1797 only affects the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0607.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1797
http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
BugTraq ID: 42151
http://www.securityfocus.com/bid/42151
http://www.exploit-db.com/exploits/14538
http://www.f-secure.com/weblog/archives/00002002.html
http://osvdb.org/66828
http://secunia.com/advisories/40807
http://secunia.com/advisories/40816
http://secunia.com/advisories/40982
http://secunia.com/advisories/48951
http://www.ubuntu.com/usn/USN-972-1
http://www.vupen.com/english/advisories/2010/2018
http://www.vupen.com/english/advisories/2010/2106
XForce ISS Database: appleios-pdf-code-execution(60856)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67746
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0607
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0607. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine. Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Red Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues. Note: CVE-2010-1797 only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0607.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1797 http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html BugTraq ID: 42151 http://www.securityfocus.com/bid/42151 http://www.exploit-db.com/exploits/14538 http://www.f-secure.com/weblog/archives/00002002.html http://osvdb.org/66828 http://secunia.com/advisories/40807 http://secunia.com/advisories/40816 http://secunia.com/advisories/40982 http://secunia.com/advisories/48951 http://www.ubuntu.com/usn/USN-972-1 http://www.vupen.com/english/advisories/2010/2018 http://www.vupen.com/english/advisories/2010/2106 XForce ISS Database: appleios-pdf-code-execution(60856) https://exchange.xforce.ibmcloud.com/vulnerabilities/60856
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com