SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)

High Nessus Plugin ID 49854

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges :

- stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797)

- integer underflow. (CVE-2010-2497)

- invalid free. (CVE-2010-2498)

- buffer overflow. (CVE-2010-2499)

- integer overflow. (CVE-2010-2500)

- heap buffer overflow. (CVE-2010-2519)

- heap buffer overflow. (CVE-2010-2520)

- buffer overflows in the freetype demo. (CVE-2010-2527)

- buffer overflow in ftmulti demo program. (CVE-2010-2541)

- improper bounds checking. (CVE-2010-2805)

- improper bounds checking. (CVE-2010-2806)

- improper type comparisons. (CVE-2010-2807)

- memory corruption flaw by processing certain LWFN fonts.
(CVE-2010-2808)

Solution

Apply ZYPP patch number 7121.

See Also

http://support.novell.com/security/cve/CVE-2010-1797.html

http://support.novell.com/security/cve/CVE-2010-2497.html

http://support.novell.com/security/cve/CVE-2010-2498.html

http://support.novell.com/security/cve/CVE-2010-2499.html

http://support.novell.com/security/cve/CVE-2010-2500.html

http://support.novell.com/security/cve/CVE-2010-2519.html

http://support.novell.com/security/cve/CVE-2010-2520.html

http://support.novell.com/security/cve/CVE-2010-2527.html

http://support.novell.com/security/cve/CVE-2010-2541.html

http://support.novell.com/security/cve/CVE-2010-2805.html

http://support.novell.com/security/cve/CVE-2010-2806.html

http://support.novell.com/security/cve/CVE-2010-2807.html

http://support.novell.com/security/cve/CVE-2010-2808.html

Plugin Details

Severity: High

ID: 49854

File Name: suse_freetype2-7121.nasl

Version: 1.14

Type: local

Agent: unix

Published: 2010/10/11

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/08/12

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Reference Information

CVE: CVE-2010-1797, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808