OracleVM 3.3 : freetype (OVMSA-2015-0036)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.

Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing patches that address
critical security updates :

- Fixes (CVE-2014-9657)

- Check minimum size of `record_size'.

- Fixes (CVE-2014-9658)

- Use correct value for minimum table length test.

- Fixes (CVE-2014-9675)

- New macro that checks one character more than `strncmp'.

- Fixes (CVE-2014-9660)

- Check `_BDF_GLYPH_BITS'.

- Fixes (CVE-2014-9661)

- Initialize `face->ttf_size'.

- Always set `face->ttf_size' directly.

- Exclusively use the `truetype' font driver for loading
the font contained in the `sfnts' array.

- Fixes (CVE-2014-9663)

- Fix order of validity tests.

- Fixes (CVE-2014-9664)

- Add another boundary testing.

- Fix boundary testing.

- Fixes (CVE-2014-9667)

- Protect against addition overflow.

- Fixes (CVE-2014-9669)

- Protect against overflow in additions and

- Fixes (CVE-2014-9670)

- Add sanity checks for row and column values.

- Fixes (CVE-2014-9671)

- Check `size' and `offset' values.

- Fixes (CVE-2014-9673)

- Fix integer overflow by a broken POST table in

- Fixes (CVE-2014-9674)

- Fix integer overflow by a broken POST table in

- Additional overflow check in the summation of POST
fragment lengths.

- Work around behaviour of X11's `pcfWriteFont' and
`pcfReadFont' functions

- Resolves: #1197737

- Fix (CVE-2012-5669) (Use correct array size for checking

- Resolves: #903543

See also :

Solution :

Update the affected freetype package.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false
