SynopsisThe remote Debian host is missing a security-related update.
DescriptionTavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.
SolutionUpgrade the freetype packages.
For the oldstable distribution (etch), this problem has been fixed in version 2.2.1-5+etch4.
For the stable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny1.