Test ID:	1.3.6.1.4.1.25623.1.0.56934
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1095-1)
Summary:	The remote host is missing an update for the Debian 'freetype' package(s) announced via the DSA-1095-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'freetype' package(s) announced via the DSA-1095-1 advisory. Vulnerability Insight: Several problems have been discovered in the FreeType 2 font engine. The Common vulnerabilities and Exposures project identifies the following problems: CVE-2006-0747 Several integer underflows have been discovered which could allow remote attackers to cause a denial of service. CVE-2006-1861 Chris Evans discovered several integer overflows that lead to a denial of service or could possibly even lead to the execution of arbitrary code. CVE-2006-2493 Several more integer overflows have been discovered which could possibly lead to the execution of arbitrary code. CVE-2006-2661 A null pointer dereference could cause a denial of service. For the old stable distribution (woody) these problems have been fixed in version 2.0.9-1woody1. For the stable distribution (sarge) these problems have been fixed in version 2.1.7-2.5. For the unstable distribution (sid) these problems will be fixed soon We recommend that you upgrade your libfreetype packages. Affected Software/OS: 'freetype' package(s) on Debian 3.0, Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0747 1016522 http://securitytracker.com/id?1016522 102705 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1 18326 http://www.securityfocus.com/bid/18326 20060612 rPSA-2006-0100-1 freetype http://www.securityfocus.com/archive/1/436836/100/0/threaded 20060701-01-U ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U 20525 http://secunia.com/advisories/20525 20591 http://secunia.com/advisories/20591 20638 http://secunia.com/advisories/20638 20791 http://secunia.com/advisories/20791 21062 http://secunia.com/advisories/21062 21135 http://secunia.com/advisories/21135 21385 http://secunia.com/advisories/21385 21701 http://secunia.com/advisories/21701 23939 http://secunia.com/advisories/23939 35074 http://secunia.com/advisories/35074 ADV-2007-0381 http://www.vupen.com/english/advisories/2007/0381 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html DSA-1095 http://www.debian.org/security/2006/dsa-1095 MDKSA-2006:099 http://www.mandriva.com/security/advisories?name=MDKSA-2006:099 RHSA-2006:0500 http://www.redhat.com/support/errata/RHSA-2006-0500.html SUSE-SA:2006:037 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html USN-291-1 https://usn.ubuntu.com/291-1/ http://support.apple.com/kb/HT3549 http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676 https://issues.rpath.com/browse/RPL-429 oval:org.mitre.oval:def:9508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9508 Common Vulnerability Exposure (CVE) ID: CVE-2006-1861 18034 http://www.securityfocus.com/bid/18034 20100 http://secunia.com/advisories/20100 21000 http://secunia.com/advisories/21000 27162 http://secunia.com/advisories/27162 27167 http://secunia.com/advisories/27167 27271 http://secunia.com/advisories/27271 33937 http://secunia.com/advisories/33937 35200 http://secunia.com/advisories/35200 35204 http://secunia.com/advisories/35204 35233 http://secunia.com/advisories/35233 ADV-2006-1868 http://www.vupen.com/english/advisories/2006/1868 APPLE-SA-2009-02-12 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html FEDORA-2009-5558 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html FEDORA-2009-5644 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html GLSA-200607-02 http://security.gentoo.org/glsa/glsa-200607-02.xml GLSA-200710-09 http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml RHSA-2009:0329 http://www.redhat.com/support/errata/RHSA-2009-0329.html RHSA-2009:1062 http://www.redhat.com/support/errata/RHSA-2009-1062.html SUSE-SR:2007:021 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html freetype-lwfn-overflow(26553) https://exchange.xforce.ibmcloud.com/vulnerabilities/26553 http://sourceforge.net/project/shownotes.php?release_id=416463 http://support.apple.com/kb/HT3438 https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8 https://bugzilla.redhat.com/show_bug.cgi?id=502565 oval:org.mitre.oval:def:9124 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124 Common Vulnerability Exposure (CVE) ID: CVE-2006-2661 BugTraq ID: 18329 http://www.securityfocus.com/bid/18329 Bugtraq: 20060612 rPSA-2006-0100-1 freetype (Google Search) Debian Security Information: DSA-1095 (Google Search) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11692 http://securitytracker.com/id?1016520 SGI Security Advisory: 20060701-01-U SuSE Security Announcement: SUSE-SA:2006:037 (Google Search)
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.