Detections
Analytics
RHEL 5 / 6 : freetype (RHSA-2012:0467)
medium Nessus Plugin ID 58674
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for freetype.Description
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0467 advisory.- freetype: heap buffer over-read in BDF parsing _bdf_is_atom() (#35597, #35598) (CVE-2012-1126)
- freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#35599, #35600) (CVE-2012-1127)
- freetype: heap buffer over-read in PCF parser pcf_get_properties() (#35603) (CVE-2012-1130)
- freetype: incorrect type cast allowing input sanity check bypass in ft_smooth_render_generic() (#35604) (CVE-2012-1131)
- freetype: heap buffer over-read in Type1 parser parse_subrs() (#35606) (CVE-2012-1132)
- freetype: limited heap buffer overflow in Type1 parser T1_Get_Private_Dict() (#35608) (CVE-2012-1134)
- freetype: uninitialized pointer use in BDF parser _bdf_parse_glyphs() (#35641) (CVE-2012-1136)
- freetype: heap buffer off-by-one in BDF parsing _bdf_list_ensure() (#35643) (CVE-2012-1137)
- freetype: data buffer underflow in BDF parser _bdf_parse_glyphs() (#35656) (CVE-2012-1139)
- freetype: multiple buffer over-read in PS parser conversion functions (#35657) (CVE-2012-1140)
- freetype: BDF parser _bdf_list_split() fails to properly initialize field array (#35658) (CVE-2012-1141)
- freetype: incorrect computation of number of glyphs in FNT_Face_Init() for FNT/FON files (#35659) (CVE-2012-1142)
- freetype: integer divide by zero in FT_DivFix() (#35660) (CVE-2012-1143)
- freetype: insufficient checking of first outline point in TTF parser (#35689) (CVE-2012-1144)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL freetype package based on the guidance in RHSA-2012:0467.See Also
http://www.nessus.org/u?290cf207
https://access.redhat.com/errata/RHSA-2012:0467
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=800581
https://bugzilla.redhat.com/show_bug.cgi?id=800583
https://bugzilla.redhat.com/show_bug.cgi?id=800587
https://bugzilla.redhat.com/show_bug.cgi?id=800589
https://bugzilla.redhat.com/show_bug.cgi?id=800590
https://bugzilla.redhat.com/show_bug.cgi?id=800592
https://bugzilla.redhat.com/show_bug.cgi?id=800594
https://bugzilla.redhat.com/show_bug.cgi?id=800595
https://bugzilla.redhat.com/show_bug.cgi?id=800598
https://bugzilla.redhat.com/show_bug.cgi?id=800600
https://bugzilla.redhat.com/show_bug.cgi?id=800602
https://bugzilla.redhat.com/show_bug.cgi?id=800604
Plugin Details
Severity: Medium
ID: 58674
File Name: redhat-RHSA-2012-0467.nasl
Version: 1.25
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/11/2012
Updated: 4/27/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2012-1126
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2012-1143
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:freetype, p-cpe:/a:redhat:enterprise_linux:freetype-demos, p-cpe:/a:redhat:enterprise_linux:freetype-devel, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/10/2012
Vulnerability Publication Date: 4/25/2012
Reference Information
CVE: CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1134, CVE-2012-1136, CVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
BID: 52318