OracleVM 2.1 : freetype (OVMSA-2009-0012)

Critical Nessus Plugin ID 79459

Synopsis

The remote OracleVM host is missing a security update.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

CVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

CVE-2008-1806 Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

CVE-2008-1807 FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid 'number of axes' field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

CVE-2008-1808 Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

- Add freetype-2009-CVEs.patch

- Resolves: #496111

- Add freetype-2.3.5-CVEs.patch

- Resolves: #450910

Solution

Update the affected freetype package.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000026.html

Plugin Details

Severity: Critical

ID: 79459

File Name: oraclevm_OVMSA-2009-0012.nasl

Version: 1.6

Type: local

Published: 2014/11/26

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:freetype, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/05/27

Vulnerability Publication Date: 2008/06/16

Reference Information

CVE: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2009-0946

BID: 29637, 29639, 29640, 29641, 34550

CWE: 189