APPLE-SA-2011-11-10-1

http://support.apple.com/kb/HT5052

SUSE-SU-2011:1307

openSUSE-SU-2012:0015

openSUSE-SU-2012:0047

46921

48951

The remote Solaris system is missing necessary patches to address security updates :

  - FreeType in CoreGraphics in Apple iOS before 5.0.1     allows remote attackers to execute arbitrary code or     cause a denial of service (memory corruption) via a     crafted font in a document. (CVE-2011-3439)

This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts (CVE-2011-3256, CVE-2011-3439).

FreeType allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font.
(CVE-2011-3439, bnc#730124)

Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

From Red Hat Security Advisory 2011:1455 :

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3439)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently.

Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3256)

Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3439)

Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Scientific Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Scientific Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3439)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

The mobile device is running a version of iOS that is older than version 5.0.1.  Version 5.0.1 contains security-related fixes for the following vulnerabilities :

  - Apple iOS and Mac OS X CFNetwork Cross-Domain     Information Disclosure Vulnerability (CVE-2011-3246)

  - Apple iOS FreeType Multiple Memory Corruption     Vulnerabilities (CVE-2011-3439)

  - Apple iOS Code Signing Security Bypass Vulnerability     (CVE-2011-3442)

  - Apple iOS Libinfo Component Information Disclosure     Vulnerability (CVE-2011-3441)

  - Apple iPad Passcode Lock Local Security Bypass     Vulnerability (CVE-2011-3440)

The remote host is affected by the vulnerability described in GLSA-201201-09 (FreeType: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in FreeType. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted font,       possibly resulting in the remote execution of arbitrary code with the       privileges of the user running the application, or a Denial of Service.
  Workaround :

    There is no known workaround at this time.

This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts. (CVE-2011-3256 / CVE-2011-3439 / CVE-2011-2895)

This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts. (CVE-2011-3256 / CVE-2011-3439)

This update fixes CVE-2011-3439

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes CVE-2011-3439

This update fixes CVE-2011-3256

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been discovered and corrected in freetype2 :

FreeType allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document (CVE-2011-3439).

The updated packages have been patched to correct these issues.

It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3439)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
(CVE-2011-3256)

It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3439).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS 3.0 through 5.0 are affected by vulnerabilities within the following components :

 - CFNetwork (CVE-2011-3246)
 - CoreGraphics (CVE-2011-3439)
 - Kernel (CVE-2011-3442)
 - libinfo (CVE-2011-3441)
 - Passcode Lock (CVE-2011-3440)

ID	Name	Product	Family	Severity
80615	Oracle Solaris Third-Party Patch Update : freetype (cve_2011_3439_denial_of)	Nessus	Solaris Local Security Checks	high
75845	openSUSE Security Update : freetype2 (openSUSE-SU-2012:0015-1)	Nessus	SuSE Local Security Checks	high
75507	openSUSE Security Update : freetype2 (openSUSE-SU-2012:0015-1)	Nessus	SuSE Local Security Checks	high
74541	openSUSE Security Update : freetype2 (openSUSE-2011-96)	Nessus	SuSE Local Security Checks	high
69579	Amazon Linux AMI : freetype (ALAS-2011-20)	Nessus	Amazon Linux Local Security Checks	high
68390	Oracle Linux 4 / 5 / 6 : freetype (ELSA-2011-1455)	Nessus	Oracle Linux Local Security Checks	high
64023	RHEL 5 : freetype (RHSA-2012:0094)	Nessus	Red Hat Local Security Checks	high
61176	Scientific Linux Security Update : freetype on SL4.x, SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60025	Apple iOS < 5.0.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high
57651	GLSA-201201-09 : FreeType: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
57198	SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7872)	Nessus	SuSE Local Security Checks	high
57103	SuSE 11.1 Security Update : freetype2 (SAT Patch Number 5491)	Nessus	SuSE Local Security Checks	high
57000	Fedora 15 : freetype-2.4.4-7.fc15 (2011-15964)	Nessus	Fedora Local Security Checks	high
56966	Fedora 14 : freetype-2.4.2-7.fc14 (2011-15956)	Nessus	Fedora Local Security Checks	high
56918	Fedora 16 : freetype-2.4.6-4.fc16 (2011-15927)	Nessus	Fedora Local Security Checks	high
56910	Mandriva Linux Security Advisory : freetype2 (MDVSA-2011:177)	Nessus	Mandriva Local Security Checks	high
56883	Debian DSA-2350-1 : freetype - missing input sanitising	Nessus	Debian Local Security Checks	high
56878	CentOS 4 / 5 : freetype (CESA-2011:1455)	Nessus	CentOS Local Security Checks	high
56870	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1267-1)	Nessus	Ubuntu Local Security Checks	high
56859	RHEL 4 / 5 / 6 : freetype (RHSA-2011:1455)	Nessus	Red Hat Local Security Checks	high
6096	Apple iOS < 5.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high

CVE-2011-3439

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high