Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.68118 |
Kategorie: | Red Hat Local Security Checks |
Titel: | RedHat Security Advisory RHSA-2010:0736 |
Zusammenfassung: | NOSUMMARY |
Beschreibung: | Description: The remote host is missing updates announced in advisory RHSA-2010:0736. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 provide both the FreeType 1 and FreeType 2 font engines. It was discovered that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially-crafted font file with an application linked against FreeType, and the relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could trigger a heap-based buffer overflow in the libXft library, causing the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3311) An array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806) A stack overflow flaw was found in the way the FreeType font rendering engine processed PostScript Type 1 font files that contain nested Standard Encoding Accented Character (seac) calls. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash. (CVE-2010-3054) Note: All of the issues in this erratum only affect the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0736.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3 |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2806 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html BugTraq ID: 42285 http://www.securityfocus.com/bid/42285 http://marc.info/?l=oss-security&m=128111955616772&w=2 RedHat Security Advisories: RHSA-2010:0736 https://rhn.redhat.com/errata/RHSA-2010-0736.html RedHat Security Advisories: RHSA-2010:0737 https://rhn.redhat.com/errata/RHSA-2010-0737.html http://www.redhat.com/support/errata/RHSA-2010-0864.html http://secunia.com/advisories/40816 http://secunia.com/advisories/40982 http://secunia.com/advisories/42314 http://secunia.com/advisories/42317 http://www.ubuntu.com/usn/USN-972-1 http://www.vupen.com/english/advisories/2010/2018 http://www.vupen.com/english/advisories/2010/2106 http://www.vupen.com/english/advisories/2010/3045 http://www.vupen.com/english/advisories/2010/3046 Common Vulnerability Exposure (CVE) ID: CVE-2010-3054 BugTraq ID: 42621 http://www.securityfocus.com/bid/42621 http://secunia.com/advisories/48951 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3311 BugTraq ID: 43700 http://www.securityfocus.com/bid/43700 Debian Security Information: DSA-2116 (Google Search) http://www.debian.org/security/2010/dsa-2116 http://www.mandriva.com/security/advisories?name=MDVSA-2010:201 http://www.ubuntu.com/usn/USN-1013-1 |
Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |