 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2015.0083 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2015-0083) |
| Resumen: | The remote host is missing an update for the 'freetype2' package(s) announced via the MGASA-2015-0083 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'freetype2' package(s) announced via the MGASA-2015-0083 advisory. Vulnerability Insight: Updated freetype2 packages fix security vulnerabilities: The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656). The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657). The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658). The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660). type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661). cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662). The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663). FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664). The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666). sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'freetype2' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9656 BugTraq ID: 72986 http://www.securityfocus.com/bid/72986 Debian Security Information: DSA-3188 (Google Search) http://www.debian.org/security/2015/dsa-3188 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html https://security.gentoo.org/glsa/201503-05 http://www.mandriva.com/security/advisories?name=MDVSA-2015:055 http://code.google.com/p/google-security-research/issues/detail?id=196 SuSE Security Announcement: openSUSE-SU-2015:0627 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.ubuntu.com/usn/USN-2510-1 http://www.ubuntu.com/usn/USN-2739-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-9657 http://code.google.com/p/google-security-research/issues/detail?id=195 RedHat Security Advisories: RHSA-2015:0696 http://rhn.redhat.com/errata/RHSA-2015-0696.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9658 http://code.google.com/p/google-security-research/issues/detail?id=194 Common Vulnerability Exposure (CVE) ID: CVE-2014-9660 http://code.google.com/p/google-security-research/issues/detail?id=188 Common Vulnerability Exposure (CVE) ID: CVE-2014-9661 http://code.google.com/p/google-security-research/issues/detail?id=187 http://packetstormsecurity.com/files/134396/FreeType-2.5.3-Type42-Parsing-Use-After-Free.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9662 http://code.google.com/p/google-security-research/issues/detail?id=185 Common Vulnerability Exposure (CVE) ID: CVE-2014-9663 http://code.google.com/p/google-security-research/issues/detail?id=184 Common Vulnerability Exposure (CVE) ID: CVE-2014-9664 http://code.google.com/p/google-security-research/issues/detail?id=183 Common Vulnerability Exposure (CVE) ID: CVE-2014-9666 http://code.google.com/p/google-security-research/issues/detail?id=167 Common Vulnerability Exposure (CVE) ID: CVE-2014-9667 http://code.google.com/p/google-security-research/issues/detail?id=166 Common Vulnerability Exposure (CVE) ID: CVE-2014-9669 http://code.google.com/p/google-security-research/issues/detail?id=163 Common Vulnerability Exposure (CVE) ID: CVE-2014-9670 http://code.google.com/p/google-security-research/issues/detail?id=158 Common Vulnerability Exposure (CVE) ID: CVE-2014-9671 http://code.google.com/p/google-security-research/issues/detail?id=157 Common Vulnerability Exposure (CVE) ID: CVE-2014-9672 http://code.google.com/p/google-security-research/issues/detail?id=155 http://packetstormsecurity.com/files/134395/FreeType-2.5.3-Mac-FOND-Resource-Parsing-Out-Of-Bounds-Read-From-Stack.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9673 http://code.google.com/p/google-security-research/issues/detail?id=154 Common Vulnerability Exposure (CVE) ID: CVE-2014-9674 Debian Security Information: DSA-3461 (Google Search) http://www.debian.org/security/2016/dsa-3461 http://code.google.com/p/google-security-research/issues/detail?id=153 Common Vulnerability Exposure (CVE) ID: CVE-2014-9675 http://code.google.com/p/google-security-research/issues/detail?id=151 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |