Detections
Analytics

OracleVM 3.3 : freetype (OVMSA-2015-0036)

high Nessus Plugin ID 81967

Language:

Synopsis

The remote OracleVM host is missing a security update.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Fixes (CVE-2014-9657)

 - Check minimum size of `record_size'.

 - Fixes (CVE-2014-9658)

 - Use correct value for minimum table length test.

 - Fixes (CVE-2014-9675)

 - New macro that checks one character more than `strncmp'.

 - Fixes (CVE-2014-9660)

 - Check `_BDF_GLYPH_BITS'.

 - Fixes (CVE-2014-9661)

 - Initialize `face->ttf_size'.

 - Always set `face->ttf_size' directly.

 - Exclusively use the `truetype' font driver for loading the font contained in the `sfnts' array.

 - Fixes (CVE-2014-9663)

 - Fix order of validity tests.

 - Fixes (CVE-2014-9664)

 - Add another boundary testing.

 - Fix boundary testing.

 - Fixes (CVE-2014-9667)

 - Protect against addition overflow.

 - Fixes (CVE-2014-9669)

 - Protect against overflow in additions and multiplications.

 - Fixes (CVE-2014-9670)

 - Add sanity checks for row and column values.

 - Fixes (CVE-2014-9671)

 - Check `size' and `offset' values.

 - Fixes (CVE-2014-9673)

 - Fix integer overflow by a broken POST table in resource-fork.

 - Fixes (CVE-2014-9674)

 - Fix integer overflow by a broken POST table in resource-fork.

 - Additional overflow check in the summation of POST fragment lengths.

 - Work around behaviour of X11's `pcfWriteFont' and `pcfReadFont' functions

 - Resolves: #1197737

 - Fix (CVE-2012-5669) (Use correct array size for checking `glyph_enc')

 - Resolves: #903543

Solution

Update the affected freetype package.

See Also

http://www.nessus.org/u?22fbb5cd

Plugin Details

Severity: High

ID: 81967

File Name: oraclevm_OVMSA-2015-0036.nasl

Version: 1.7

Type: local

Published: 3/20/2015

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:freetype, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/19/2015

Vulnerability Publication Date: 1/24/2013

Reference Information

CVE: CVE-2012-5669, CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675

BID: 57041, 72986