Test ID:	1.3.6.1.4.1.25623.1.0.58687
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1390-1)
Summary:	The remote host is missing an update for the Debian 't1lib' package(s) announced via the DSA-1390-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 't1lib' package(s) announced via the DSA-1390-1 advisory. Vulnerability Insight: Hamid Ebadi discovered a buffer overflow in the intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer library. This flaw could allow an attacker to crash an application using the t1lib shared libraries, and potentially execute arbitrary code within such an application's security context. For the old stable distribution (sarge), this problem has been fixed in version 5.0.2-3sarge1. For the stable distribution (etch), this problem has been fixed in version 5.1.0-2etch1. We recommend that you upgrade your t1lib package. Affected Software/OS: 't1lib' package(s) on Debian 3.1, Debian 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4033 BugTraq ID: 25079 http://www.securityfocus.com/bid/25079 Bugtraq: 20070921 Re: [Full-disclosure] [USN-515-1] t1lib vulnerability (Google Search) http://www.securityfocus.com/archive/1/480239/100/100/threaded Bugtraq: 20070921 Re: [USN-515-1] t1lib vulnerability (Google Search) http://www.securityfocus.com/archive/1/480244/100/100/threaded Bugtraq: 20080105 rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi (Google Search) http://www.securityfocus.com/archive/1/485823/100/0/threaded Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts (Google Search) http://www.securityfocus.com/archive/1/487984/100/0/threaded Debian Security Information: DSA-1390 (Google Search) http://www.debian.org/security/2007/dsa-1390 https://www.exploit-db.com/exploits/4227 http://fedoranews.org/updates/FEDORA-2007-234.shtml https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html http://security.gentoo.org/glsa/glsa-200710-12.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:189 http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 http://www.bugtraq.ir/adv/t1lib.txt https://bugzilla.redhat.com/show_bug.cgi?id=303021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557 http://www.redhat.com/support/errata/RHSA-2007-1027.html http://www.redhat.com/support/errata/RHSA-2007-1030.html http://www.redhat.com/support/errata/RHSA-2007-1031.html http://www.securitytracker.com/id?1018905 http://secunia.com/advisories/26241 http://secunia.com/advisories/26901 http://secunia.com/advisories/26981 http://secunia.com/advisories/26992 http://secunia.com/advisories/27239 http://secunia.com/advisories/27297 http://secunia.com/advisories/27439 http://secunia.com/advisories/27599 http://secunia.com/advisories/27718 http://secunia.com/advisories/27743 http://secunia.com/advisories/28345 http://secunia.com/advisories/30168 SuSE Security Announcement: SUSE-SR:2007:023 (Google Search) http://www.novell.com/linux/security/advisories/2007_23_sr.html http://www.ubuntu.com/usn/usn-515-1 XForce ISS Database: php-imagepsloadfont-bo(35620) https://exchange.xforce.ibmcloud.com/vulnerabilities/35620
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.