| Description: | Description:
The remote host is missing an update to freetype2
announced via advisory MDKSA-2006:099-1.
Integer underflow in Freetype before 2.2 allows remote attackers to cause
a denial of service (crash) via a font file with an odd number of blue
values, which causes the underflow when decrementing by 2 in a context
that assumes an even number of values. (CVE-2006-0747)
Multiple integer overflows in FreeType before 2.2 allow remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code via
attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c,
(3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file
in base/ftmac.c. (CVE-2006-1861)
Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial
of service (crash) via a crafted font file that triggers a null dereference.
(CVE-2006-2661)
In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious
bug in ttkern.c that caused some programs to go into an infinite loop when
dealing with fonts that don't have a properly sorted kerning sub-table.
This patch is not applicable to the earlier Mandriva releases.
Update:
The previous update introduced some issues with other applications and
libraries linked to libfreetype, that were missed in testing for the
vulnerabilty issues. The new packages correct these issues.
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:099-1
Risk factor : High
CVSS Score:
7.5
|
