Test ID:	1.3.6.1.4.1.25623.1.0.70743
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: FreeBSD
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: FreeBSD CVE-2011-2895 The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2895 1025920 http://securitytracker.com/id?1025920 45544 http://secunia.com/advisories/45544 45568 http://secunia.com/advisories/45568 45599 http://secunia.com/advisories/45599 45986 http://secunia.com/advisories/45986 46127 http://secunia.com/advisories/46127 48951 http://secunia.com/advisories/48951 49124 http://www.securityfocus.com/bid/49124 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html APPLE-SA-2015-12-08-1 http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html APPLE-SA-2015-12-08-2 http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html APPLE-SA-2015-12-08-3 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html APPLE-SA-2015-12-08-4 http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html DSA-2293 http://www.debian.org/security/2011/dsa-2293 MDVSA-2011:153 http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 NetBSD-SA2011-007 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc RHSA-2011:1154 http://www.redhat.com/support/errata/RHSA-2011-1154.html RHSA-2011:1155 http://www.redhat.com/support/errata/RHSA-2011-1155.html RHSA-2011:1161 http://www.redhat.com/support/errata/RHSA-2011-1161.html RHSA-2011:1834 http://www.redhat.com/support/errata/RHSA-2011-1834.html SUSE-SU-2011:1035 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html USN-1191-1 http://www.ubuntu.com/usn/USN-1191-1 [oss-security] 20110810 LZW decompression issues http://www.openwall.com/lists/oss-security/2011/08/10/10 [xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html [xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4 http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 https://bugzilla.redhat.com/show_bug.cgi?id=725760 https://bugzilla.redhat.com/show_bug.cgi?id=727624 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641 openSUSE-SU-2011:1299 http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html xorg-lzw-bo(69141) https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.