Test ID:	1.3.6.1.4.1.25623.1.0.59807
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2007-2343 (t1lib)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to t1lib announced via advisory FEDORA-2007-2343. T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports rotation and transformation, kerning underlining and antialiasing. It does not depend on X11, but does provides some special functions for X11. AFM-files can be generated from Type 1 font files and font subsetting is possible. Update Information: This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection, as the overflow is strcat() call which is protected. This update has a patch that avoids the call where the overflow would occur. ChangeLog: * Thu Sep 27 2007 José Matos - 5.1.1-3 - Apply patch to fix CVE-2007-4033 * Tue Aug 28 2007 José Matos - 5.1.1-2 - License fix, rebuild for devel (F8). * Thu Jun 7 2007 José Matos - 5.1.1-1 - Update to 5.1.1. - Remove t1lib-5.1.0-destdir.patch (applied upstream). References: [ 1 ] Bug #303021 - CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string https://bugzilla.redhat.com/show_bug.cgi?id=303021 [ 2 ] CVE-2007-4033 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033 Updated packages: 81bdcde6dbf9b9e4130544fd2493434671c1fee2 t1lib-debuginfo-5.1.1-3.fc7.ppc64.rpm c64f11e4f89f6b065ec0a6d236e9e2df4cc03c60 t1lib-devel-5.1.1-3.fc7.ppc64.rpm b2d8aca754e8ac5d1345b509a24e0b47780dc221 t1lib-5.1.1-3.fc7.ppc64.rpm 4175603f9f32a2c5a2bcf3f528225e4c64a1f10b t1lib-devel-5.1.1-3.fc7.i386.rpm 6547e77817fe39768d94ebba3b704109ac741ca4 t1lib-debuginfo-5.1.1-3.fc7.i386.rpm 6bdca51e734f299be7b4073f8416c9851c5ee7f5 t1lib-5.1.1-3.fc7.i386.rpm a643ae032988f1d53406f90f5456df5cd6a6496a t1lib-devel-5.1.1-3.fc7.x86_64.rpm 8d4d24ad8845891523022444b15b9a8c9b8ab6a5 t1lib-debuginfo-5.1.1-3.fc7.x86_64.rpm 8f430463ca8d524a87afa181338dc71fc80fb18f t1lib-5.1.1-3.fc7.x86_64.rpm 756e1c529f5906ea7703ba04acf53996e40b5bfb t1lib-devel-5.1.1-3.fc7.ppc.rpm a21ab52ec28700e51cc9c23760604ce00cba54af t1lib-debuginfo-5.1.1-3.fc7.ppc.rpm ebdb0c258c02e084d1f4da873c0d3a85464c560b t1lib-5.1.1-3.fc7.ppc.rpm 23be7d55b85d68cdcd9cfeca3a297caca8b217aa t1lib-5.1.1-3.fc7.src.rpm This update can be installed with the yum update program. Use su -c 'yum update t1lib' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-2343 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4033 BugTraq ID: 25079 http://www.securityfocus.com/bid/25079 Bugtraq: 20070921 Re: [Full-disclosure] [USN-515-1] t1lib vulnerability (Google Search) http://www.securityfocus.com/archive/1/480239/100/100/threaded Bugtraq: 20070921 Re: [USN-515-1] t1lib vulnerability (Google Search) http://www.securityfocus.com/archive/1/480244/100/100/threaded Bugtraq: 20080105 rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi (Google Search) http://www.securityfocus.com/archive/1/485823/100/0/threaded Bugtraq: 20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts (Google Search) http://www.securityfocus.com/archive/1/487984/100/0/threaded Debian Security Information: DSA-1390 (Google Search) http://www.debian.org/security/2007/dsa-1390 https://www.exploit-db.com/exploits/4227 http://fedoranews.org/updates/FEDORA-2007-234.shtml https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html http://security.gentoo.org/glsa/glsa-200710-12.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:189 http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 http://www.bugtraq.ir/adv/t1lib.txt https://bugzilla.redhat.com/show_bug.cgi?id=303021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557 http://www.redhat.com/support/errata/RHSA-2007-1027.html http://www.redhat.com/support/errata/RHSA-2007-1030.html http://www.redhat.com/support/errata/RHSA-2007-1031.html http://www.securitytracker.com/id?1018905 http://secunia.com/advisories/26241 http://secunia.com/advisories/26901 http://secunia.com/advisories/26981 http://secunia.com/advisories/26992 http://secunia.com/advisories/27239 http://secunia.com/advisories/27297 http://secunia.com/advisories/27439 http://secunia.com/advisories/27599 http://secunia.com/advisories/27718 http://secunia.com/advisories/27743 http://secunia.com/advisories/28345 http://secunia.com/advisories/30168 SuSE Security Announcement: SUSE-SR:2007:023 (Google Search) http://www.novell.com/linux/security/advisories/2007_23_sr.html http://www.ubuntu.com/usn/usn-515-1 XForce ISS Database: php-imagepsloadfont-bo(35620) https://exchange.xforce.ibmcloud.com/vulnerabilities/35620
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.