Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:157 (freetype2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72060

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:157 (freetype2)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to freetype2
announced via advisory MDVSA-2011:157.

A vulnerability has been discovered and corrected in freetype2:

FreeType allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted font
(CVE-2011-3256).

A regression was found in freetype2 in Mandriva Enterprise Server 5
that caused ugly font rendering with firefox (#63892).

Additionally, improvements conserning the LZW handling (as noted in
the freetype-2.4.7 version) was added.

The updated packages have been patched to correct these issues.

Affected: 2010.1, 2011., Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:157

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3256
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 50155
http://www.securityfocus.com/bid/50155
Debian Security Information: DSA-2328 (Google Search)
http://www.debian.org/security/2011/dsa-2328
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069100.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:157
http://secunia.com/advisories/48951
SuSE Security Announcement: SUSE-SU-2011:1307 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html
SuSE Security Announcement: openSUSE-SU-2012:0015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html
SuSE Security Announcement: openSUSE-SU-2012:0047 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html
XForce ISS Database: appleios-freetype-code-exec(70552)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70552

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72060
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:157 (freetype2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to freetype2 announced via advisory MDVSA-2011:157. A vulnerability has been discovered and corrected in freetype2: FreeType allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font (CVE-2011-3256). A regression was found in freetype2 in Mandriva Enterprise Server 5 that caused ugly font rendering with firefox (#63892). Additionally, improvements conserning the LZW handling (as noted in the freetype-2.4.7 version) was added. The updated packages have been patched to correct these issues. Affected: 2010.1, 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:157 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3256 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 50155 http://www.securityfocus.com/bid/50155 Debian Security Information: DSA-2328 (Google Search) http://www.debian.org/security/2011/dsa-2328 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069100.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:157 http://secunia.com/advisories/48951 SuSE Security Announcement: SUSE-SU-2011:1307 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html SuSE Security Announcement: openSUSE-SU-2012:0015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html SuSE Security Announcement: openSUSE-SU-2012:0047 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html XForce ISS Database: appleios-freetype-code-exec(70552) https://exchange.xforce.ibmcloud.com/vulnerabilities/70552
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com