SUSE-SA:2006:037: freetype2, freetype2-devel

high Nessus Plugin ID 24417

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:037 (freetype2, freetype2-devel).


The freetype2 library renders TrueType fonts for open source projects.
More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desktop system.

The bugs can lead to a remote denial-of-service attack and may lead to remote command execution. The user needs to use a program that uses freetype2 (almost all GUI applications do) and let this program process malicious font data.

Solution

http://www.novell.com/linux/security/advisories/2006_37.freetype.html

Plugin Details

Severity: High

ID: 24417

File Name: suse_SA_2006_037.nasl

Version: 1.10

Agent: unix

Published: 2/18/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list