Test ID:	1.3.6.1.4.1.25623.1.0.122297
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2010-0889)
Summary:	The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0889 advisory.
Description:	Summary: The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0889 advisory. Vulnerability Insight: [2.3.11-6.el6_0.2] - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid runcnt values.) - Resolves: #651761 [2.3.11-6.el6_0.1] - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.) - Resolves: #638838 Affected Software/OS: 'freetype' package(s) on Oracle Linux 4, Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2805 40816 http://secunia.com/advisories/40816 40982 http://secunia.com/advisories/40982 42285 http://www.securityfocus.com/bid/42285 42314 http://secunia.com/advisories/42314 42317 http://secunia.com/advisories/42317 48951 http://secunia.com/advisories/48951 ADV-2010-2018 http://www.vupen.com/english/advisories/2010/2018 ADV-2010-2106 http://www.vupen.com/english/advisories/2010/2106 ADV-2010-3045 http://www.vupen.com/english/advisories/2010/3045 ADV-2010-3046 http://www.vupen.com/english/advisories/2010/3046 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html APPLE-SA-2010-11-22-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html RHSA-2010:0864 http://www.redhat.com/support/errata/RHSA-2010-0864.html USN-972-1 http://www.ubuntu.com/usn/USN-972-1 [oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more http://marc.info/?l=oss-security&m=128111955616772&w=2 http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375 http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4456 http://support.apple.com/kb/HT4457 https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019 https://savannah.nongnu.org/bugs/?30644 Common Vulnerability Exposure (CVE) ID: CVE-2010-2806 RHSA-2010:0736 https://rhn.redhat.com/errata/RHSA-2010-0736.html RHSA-2010:0737 https://rhn.redhat.com/errata/RHSA-2010-0737.html http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c06da1ad34663da7b6fc39b030dc3ae185b96557 https://bugzilla.redhat.com/show_bug.cgi?id=621980 https://savannah.nongnu.org/bugs/?30656 Common Vulnerability Exposure (CVE) ID: CVE-2010-2808 [oss-security] 20100806 CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts http://marc.info/?l=oss-security&m=128110167119337&w=2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975 https://bugzilla.redhat.com/show_bug.cgi?id=621907 https://savannah.nongnu.org/bugs/?30658 Common Vulnerability Exposure (CVE) ID: CVE-2010-3311 43700 http://www.securityfocus.com/bid/43700 DSA-2116 http://www.debian.org/security/2010/dsa-2116 MDVSA-2010:201 http://www.mandriva.com/security/advisories?name=MDVSA-2010:201 SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html USN-1013-1 http://www.ubuntu.com/usn/USN-1013-1 https://bugzilla.redhat.com/show_bug.cgi?id=623625 Common Vulnerability Exposure (CVE) ID: CVE-2010-3855 1024745 http://www.securitytracker.com/id?1024745 42289 http://secunia.com/advisories/42289 42295 http://secunia.com/advisories/42295 43138 http://secunia.com/advisories/43138 44214 http://www.securityfocus.com/bid/44214 ADV-2010-3037 http://www.vupen.com/english/advisories/2010/3037 ADV-2011-0246 http://www.vupen.com/english/advisories/2011/0246 APPLE-SA-2011-03-09-1 http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html APPLE-SA-2011-03-09-3 http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html APPLE-SA-2011-03-21-1 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html APPLE-SA-2011-07-15-1 http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html APPLE-SA-2011-07-15-2 http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html DSA-2155 http://www.debian.org/security/2011/dsa-2155 FEDORA-2010-17728 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html FEDORA-2010-17742 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html FEDORA-2010-17755 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html MDVSA-2010:235 http://www.mandriva.com/security/advisories?name=MDVSA-2010:235 MDVSA-2010:236 http://www.mandriva.com/security/advisories?name=MDVSA-2010:236 RHSA-2010:0889 http://www.redhat.com/support/errata/RHSA-2010-0889.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT4802 http://support.apple.com/kb/HT4803 http://support.avaya.com/css/P8/documents/100122733 https://savannah.nongnu.org/bugs/?31310
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.