Mandrake Local Security Checks : Mandriva Update for freetype2 MDVSA-2011:120 (freetype2)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831432

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for freetype2 MDVSA-2011:120 (freetype2)

Resumen: The remote host is missing an update for the 'freetype2'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'freetype2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in freetype2:

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
Type 1 font in a PDF document, as exploited in the wild in July 2011
(CVE-2011-0226).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
freetype2 on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0226
http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 48619
http://www.securityfocus.com/bid/48619
Debian Security Information: DSA-2294 (Google Search)
http://www.debian.org/security/2011/dsa-2294
http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
http://www.redhat.com/support/errata/RHSA-2011-1085.html
http://secunia.com/advisories/45167
http://secunia.com/advisories/45224
SuSE Security Announcement: SUSE-SU-2011:0853 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html
SuSE Security Announcement: openSUSE-SU-2011:0852 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html

Copyright Copyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831432
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for freetype2 MDVSA-2011:120 (freetype2)
Resumen:	The remote host is missing an update for the 'freetype2'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'freetype2' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in freetype2: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011 (CVE-2011-0226). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: freetype2 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0226 http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 48619 http://www.securityfocus.com/bid/48619 Debian Security Information: DSA-2294 (Google Search) http://www.debian.org/security/2011/dsa-2294 http://www.mandriva.com/security/advisories?name=MDVSA-2011:120 http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html http://www.redhat.com/support/errata/RHSA-2011-1085.html http://secunia.com/advisories/45167 http://secunia.com/advisories/45224 SuSE Security Announcement: SUSE-SU-2011:0853 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html SuSE Security Announcement: openSUSE-SU-2011:0852 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
Copyright	Copyright (c) 2011 Greenbone Networks GmbH