Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via crafted property data in a
BDF font. (CVE-2012-1126)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via crafted glyph or bitmap data
in a BDF font. (CVE-2012-1127)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (NULL pointer
dereference and memory corruption) or possibly execute
arbitrary code via a crafted TrueType font.
(CVE-2012-1128)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via a crafted SFNT string in a
Type 42 font. (CVE-2012-1129)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via crafted property data in a
PCF font. (CVE-2012-1130)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, on 64-bit platforms
allows remote attackers to cause a denial of service
(invalid heap read operation and memory corruption) or
possibly execute arbitrary code via vectors related to
the cell table of a font. (CVE-2012-1131)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via crafted dictionary data in a
Type 1 font. (CVE-2012-1132)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
write operation and memory corruption) or possibly
execute arbitrary code via crafted glyph or bitmap data
in a BDF font. (CVE-2012-1133)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
write operation and memory corruption) or possibly
execute arbitrary code via crafted private-dictionary
data in a Type 1 font. (CVE-2012-1134)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via vectors involving the NPUSHB
and NPUSHW instructions in a TrueType font.
(CVE-2012-1135)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
write operation and memory corruption) or possibly
execute arbitrary code via crafted glyph or bitmap data
in a BDF font that lacks an ENCODING field.
(CVE-2012-1136)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via a crafted header in a BDF
font. (CVE-2012-1137)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via vectors involving the MIRP
instruction in a TrueType font. (CVE-2012-1138)

- Array index error in FreeType before 2.4.9, as used in
Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service
(invalid stack read operation and memory corruption) or
possibly execute arbitrary code via crafted glyph data
in a BDF font. (CVE-2012-1139)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via a crafted PostScript font
object. (CVE-2012-1140)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
read operation and memory corruption) or possibly
execute arbitrary code via a crafted ASCII string in a
BDF font. (CVE-2012-1141)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
write operation and memory corruption) or possibly
execute arbitrary code via crafted glyph-outline data in
a font. (CVE-2012-1142)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (divide-by-zero
error) via a crafted font. (CVE-2012-1143)

- FreeType before 2.4.9, as used in Mozilla Firefox Mobile
before 10.0.4 and other products, allows remote
attackers to cause a denial of service (invalid heap
write operation and memory corruption) or possibly
execute arbitrary code via a crafted TrueType font.
(CVE-2012-1144)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?911efc66

Solution :

Upgrade to Solaris 11/11 SRU 8.5.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now