Test ID:	1.3.6.1.4.1.25623.1.0.880576
Category:	CentOS Local Security Checks
Title:	CentOS Update for freetype CESA-2010:0578 centos5 i386
Summary:	The remote host is missing an update for the 'freetype'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'freetype' package(s) announced via the referenced advisory. Vulnerability Insight: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine. An invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498) An integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500) Several buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519) Several buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541) Red Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues. Note: All of the issues in this erratum only affect the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. Affected Software/OS: freetype on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2498 1024266 http://securitytracker.com/id?1024266 48951 http://secunia.com/advisories/48951 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html DSA-2070 http://www.debian.org/security/2010/dsa-2070 MDVSA-2010:137 http://www.mandriva.com/security/advisories?name=MDVSA-2010:137 RHSA-2010:0578 http://www.redhat.com/support/errata/RHSA-2010-0578.html USN-963-1 http://www.ubuntu.com/usn/USN-963-1 [freetype] 20100712 FreeType 2.4.0 has been released http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html [oss-security] 20100713 Multiple bugs in freetype http://marc.info/?l=oss-security&m=127905701201340&w=2 [oss-security] 20100714 Re: Multiple bugs in freetype http://marc.info/?l=oss-security&m=127909326909362&w=2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2 http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=613160 https://savannah.nongnu.org/bugs/?30106 Common Vulnerability Exposure (CVE) ID: CVE-2010-2499 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8 https://bugzilla.redhat.com/show_bug.cgi?id=613162 https://savannah.nongnu.org/bugs/?30248 https://savannah.nongnu.org/bugs/?30249 Common Vulnerability Exposure (CVE) ID: CVE-2010-2500 RHSA-2010:0577 http://www.redhat.com/support/errata/RHSA-2010-0577.html http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee https://bugzilla.redhat.com/show_bug.cgi?id=613167 https://savannah.nongnu.org/bugs/?30263 Common Vulnerability Exposure (CVE) ID: CVE-2010-2519 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d https://bugzilla.redhat.com/show_bug.cgi?id=613194 https://savannah.nongnu.org/bugs/?30306 Common Vulnerability Exposure (CVE) ID: CVE-2010-2527 http://marc.info/?l=oss-security&m=127912955808467&w=2 http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec http://savannah.nongnu.org/bugs/?30054 https://bugzilla.redhat.com/show_bug.cgi?id=614557 Common Vulnerability Exposure (CVE) ID: CVE-2010-2541 40982 http://secunia.com/advisories/40982 ADV-2010-2106 http://www.vupen.com/english/advisories/2010/2106 USN-972-1 http://www.ubuntu.com/usn/USN-972-1 http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019 https://bugzilla.redhat.com/show_bug.cgi?id=617342
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.