Test ID:	1.3.6.1.4.1.25623.1.0.122314
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2010-0737)
Summary:	The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0737 advisory.
Description:	Summary: The remote host is missing an update for the 'freetype' package(s) announced via the ELSA-2010-0737 advisory. Vulnerability Insight: [2.2.1-28] - Modify freetype-2.2.1-CVE-2010-3054.patch - Resolves: #638142 [2.2.1-27] - Add freetype-2.2.1-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.2.1-CVE-2010-3311.patch (Don't seek behind end of stream.) - Add freetype-2.2.1-CVE-2010-3054.patch (Protect against nested 'seac' calls.) - Add freetype-2.2.1-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Resolves: #638142 Affected Software/OS: 'freetype' package(s) on Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2806 40816 http://secunia.com/advisories/40816 40982 http://secunia.com/advisories/40982 42285 http://www.securityfocus.com/bid/42285 42314 http://secunia.com/advisories/42314 42317 http://secunia.com/advisories/42317 ADV-2010-2018 http://www.vupen.com/english/advisories/2010/2018 ADV-2010-2106 http://www.vupen.com/english/advisories/2010/2106 ADV-2010-3045 http://www.vupen.com/english/advisories/2010/3045 ADV-2010-3046 http://www.vupen.com/english/advisories/2010/3046 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html APPLE-SA-2010-11-22-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html RHSA-2010:0736 https://rhn.redhat.com/errata/RHSA-2010-0736.html RHSA-2010:0737 https://rhn.redhat.com/errata/RHSA-2010-0737.html RHSA-2010:0864 http://www.redhat.com/support/errata/RHSA-2010-0864.html USN-972-1 http://www.ubuntu.com/usn/USN-972-1 [oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more http://marc.info/?l=oss-security&m=128111955616772&w=2 http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c06da1ad34663da7b6fc39b030dc3ae185b96557 http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4456 http://support.apple.com/kb/HT4457 https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019 https://bugzilla.redhat.com/show_bug.cgi?id=621980 https://savannah.nongnu.org/bugs/?30656 Common Vulnerability Exposure (CVE) ID: CVE-2010-2808 [oss-security] 20100806 CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts http://marc.info/?l=oss-security&m=128110167119337&w=2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975 https://bugzilla.redhat.com/show_bug.cgi?id=621907 https://savannah.nongnu.org/bugs/?30658 Common Vulnerability Exposure (CVE) ID: CVE-2010-3054 BugTraq ID: 42621 http://www.securityfocus.com/bid/42621 RedHat Security Advisories: RHSA-2010:0736 RedHat Security Advisories: RHSA-2010:0737 http://secunia.com/advisories/48951 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3311 43700 http://www.securityfocus.com/bid/43700 48951 DSA-2116 http://www.debian.org/security/2010/dsa-2116 MDVSA-2010:201 http://www.mandriva.com/security/advisories?name=MDVSA-2010:201 SUSE-SR:2010:019 USN-1013-1 http://www.ubuntu.com/usn/USN-1013-1 https://bugzilla.redhat.com/show_bug.cgi?id=623625
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.