Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64

High Nessus Plugin ID 60427


The remote Scientific Linux host is missing one or more security updates.


Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and TrueType Font (TTF) font-file format parsers. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)

Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, did not affect the freetype packages as shipped in Scientific Linux 3, 4, and 5, as they are not compiled with TTF Byte Code Interpreter (BCI) support.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 60427

File Name: sl_20080620_freetype_on_SL3_x.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2012/08/01

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2008/06/20

Reference Information

CVE: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808

CWE: 189