SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :
- CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes
- CVE-2010-2497: integer underflow
- CVE-2010-2498: invalid free
- CVE-2010-2499: buffer overflow
- CVE-2010-2500: integer overflow
- CVE-2010-2519: heap buffer overflow
- CVE-2010-2520: heap buffer overflow
- CVE-2010-2527: buffer overflows in the freetype demo
- CVE-2010-2541: buffer overflow in ftmulti demo program
- CVE-2010-2805: improper bounds checking
- CVE-2010-2806: improper bounds checking
- CVE-2010-2807: improper type comparisons
- CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts
SolutionUpdate the affected freetype2 packages.