Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2006:037: freetype2, freetype2-devel

Vulnerability Assessment Details

SUSE-SA:2006:037: freetype2, freetype2-devel

Vulnerability Assessment Summary
Check for the version of the freetype2, freetype2-devel package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2006:037 (freetype2, freetype2-devel).

The freetype2 library renders TrueType fonts for open source projects.
More than 900 packages on SUSE Linux use this library. Therefore the
integer overflows in this code found by Josh Bressers and Chris Evans
might have a high impact on the security of a desktop system.

The bugs can lead to a remote denial-of-service attack and may lead to
remote command execution. The user needs to use a program that uses
freetype2 (almost all GUI applications do) and let this program process
malicious font data.

Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2006_37.freetype.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security

Workstations, Terminals

Discussions

No Discussions have been posted on this vulnerability.

Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2006:037: freetype2, freetype2-devel

Home

Network Security Store

Vulnerability Assessment & Network Security Forums

Contact Us