Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title FreeType vulnerabilities
Informations
Name USN-1267-1 First vendor Publication 2011-11-18
Vendor Ubuntu Last vendor Modification 2011-11-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS

Summary:

FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.

Software Description: - freetype: FreeType 2 is a font engine library

Details:

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3256)

It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3439)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
libfreetype6 2.4.4-2ubuntu1.1

Ubuntu 11.04:
libfreetype6 2.4.4-1ubuntu2.2

Ubuntu 10.10:
libfreetype6 2.4.2-2ubuntu0.3

Ubuntu 10.04 LTS:
libfreetype6 2.3.11-1ubuntu2.5

Ubuntu 8.04 LTS:
libfreetype6 2.3.5-1ubuntu4.8.04.7

After a standard system update you need to restart your session to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1267-1
CVE-2011-3256, CVE-2011-3439

Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.4.4-2ubuntu1.1
https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.2
https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.3
https://launchpad.net/ubuntu/+source/freetype/2.3.11-1ubuntu2.5
https://launchpad.net/ubuntu/+source/freetype/2.3.5-1ubuntu4.8.04.7

Original Source

Url : http://www.ubuntu.com/usn/USN-1267-1

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
50 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15179
 
Oval ID: oval:org.mitre.oval:def:15179
Title: DSA-2328-1 freetype -- missing input sanitising
Description: It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2328-1
CVE-2011-3256
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15271
 
Oval ID: oval:org.mitre.oval:def:15271
Title: DSA-2350-1 freetype -- missing input sanitising
Description: It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2350-1
CVE-2011-3439
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15440
 
Oval ID: oval:org.mitre.oval:def:15440
Title: USN-1267-1 -- FreeType vulnerabilities
Description: freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.
Family: unix Class: patch
Reference(s): USN-1267-1
CVE-2011-3256
CVE-2011-3439
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): FreeType
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21950
 
Oval ID: oval:org.mitre.oval:def:21950
Title: RHSA-2011:1402: freetype security update (Important)
Description: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Family: unix Class: patch
Reference(s): RHSA-2011:1402-01
CESA-2011:1402
CVE-2011-3256
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22011
 
Oval ID: oval:org.mitre.oval:def:22011
Title: RHSA-2011:1455: freetype security update (Important)
Description: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Family: unix Class: patch
Reference(s): RHSA-2011:1455-01
CESA-2011:1455
CVE-2011-3439
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23072
 
Oval ID: oval:org.mitre.oval:def:23072
Title: DEPRECATED: ELSA-2011:1455: freetype security update (Important)
Description: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Family: unix Class: patch
Reference(s): ELSA-2011:1455-01
CVE-2011-3439
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23196
 
Oval ID: oval:org.mitre.oval:def:23196
Title: DEPRECATED: ELSA-2011:1402: freetype security update (Important)
Description: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Family: unix Class: patch
Reference(s): ELSA-2011:1402-01
CVE-2011-3256
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23365
 
Oval ID: oval:org.mitre.oval:def:23365
Title: ELSA-2011:1402: freetype security update (Important)
Description: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Family: unix Class: patch
Reference(s): ELSA-2011:1402-01
CVE-2011-3256
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23617
 
Oval ID: oval:org.mitre.oval:def:23617
Title: ELSA-2011:1455: freetype security update (Important)
Description: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Family: unix Class: patch
Reference(s): ELSA-2011:1455-01
CVE-2011-3439
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 113
Os 1
Os 2
Os 1

OpenVAS Exploits

Date Description
2012-08-02 Name : SuSE Update for freetype2 openSUSE-SU-2012:0047-1 (freetype2)
File : nvt/gb_suse_2012_0047_1.nasl
2012-08-02 Name : SuSE Update for freetype2 openSUSE-SU-2012:0015-1 (freetype2)
File : nvt/gb_suse_2012_0015_1.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1402 centos4 x86_64
File : nvt/gb_CESA-2011_1402_freetype_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1402 centos5 x86_64
File : nvt/gb_CESA-2011_1402_freetype_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1455 centos4 x86_64
File : nvt/gb_CESA-2011_1455_freetype_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1455 centos5 x86_64
File : nvt/gb_CESA-2011_1455_freetype_centos5_x86_64.nasl
2012-04-26 Name : Fedora Update for freetype FEDORA-2012-5422
File : nvt/gb_fedora_2012_5422_freetype_fc15.nasl
2012-04-20 Name : Fedora Update for freetype FEDORA-2012-4946
File : nvt/gb_fedora_2012_4946_freetype_fc16.nasl
2012-03-19 Name : Fedora Update for freetype FEDORA-2011-15927
File : nvt/gb_fedora_2011_15927_freetype_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-09 (FreeType)
File : nvt/glsa_201201_09.nasl
2012-02-11 Name : Debian Security Advisory DSA 2350-1 (freetype)
File : nvt/deb_2350_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2328-1 (freetype)
File : nvt/deb_2328_1.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-12-05 Name : Fedora Update for freetype FEDORA-2011-15964
File : nvt/gb_fedora_2011_15964_freetype_fc15.nasl
2011-12-02 Name : Fedora Update for freetype FEDORA-2011-15956
File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl
2011-11-25 Name : Mandriva Update for freetype2 MDVSA-2011:177 (freetype2)
File : nvt/gb_mandriva_MDVSA_2011_177.nasl
2011-11-21 Name : CentOS Update for freetype CESA-2011:1455 centos5 i386
File : nvt/gb_CESA-2011_1455_freetype_centos5_i386.nasl
2011-11-21 Name : CentOS Update for freetype CESA-2011:1455 centos4 i386
File : nvt/gb_CESA-2011_1455_freetype_centos4_i386.nasl
2011-11-21 Name : Ubuntu Update for freetype USN-1267-1
File : nvt/gb_ubuntu_USN_1267_1.nasl
2011-11-18 Name : RedHat Update for freetype RHSA-2011:1455-01
File : nvt/gb_RHSA-2011_1455-01_freetype.nasl
2011-11-11 Name : Fedora Update for freetype FEDORA-2011-14749
File : nvt/gb_fedora_2011_14749_freetype_fc15.nasl
2011-11-11 Name : CentOS Update for freetype CESA-2011:1402 centos4 i386
File : nvt/gb_CESA-2011_1402_freetype_centos4_i386.nasl
2011-10-31 Name : RedHat Update for freetype RHSA-2011:1402-01
File : nvt/gb_RHSA-2011_1402-01_freetype.nasl
2011-10-31 Name : CentOS Update for freetype CESA-2011:1402 centos5 i386
File : nvt/gb_CESA-2011_1402_freetype_centos5_i386.nasl
2011-10-31 Name : Mandriva Update for freetype2 MDVSA-2011:157 (freetype2)
File : nvt/gb_mandriva_MDVSA_2011_157.nasl
0000-00-00 Name : FreeBSD Ports: freetype2
File : nvt/freebsd_freetype24.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77014 Apple iOS CoreGraphics Component src/cid/cidload.c FreeType CID-keyed Type 1 ...

76324 Apple iOS CoreGraphics Multiple freetype Font Handling Memory Corruption

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_libfxt_20141107.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_freetype_20141107.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-8.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_freetype2-111216.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_freetype2-111216.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2011-96.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-20.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-08.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1455.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1402.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0094.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111116_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111025_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-09.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7872.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freetype2-111201.nasl - Type : ACT_GATHER_INFO
2011-12-05 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15964.nasl - Type : ACT_GATHER_INFO
2011-11-29 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15956.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15927.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2350.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1455.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-177.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1267-1.nasl - Type : ACT_GATHER_INFO
2011-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1455.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14749.nasl - Type : ACT_GATHER_INFO
2011-11-02 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_54075e3904ac11e1a94ebcaec565249c.nasl - Type : ACT_GATHER_INFO
2011-10-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1402.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1402.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2328.nasl - Type : ACT_GATHER_INFO
2011-10-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-157.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:59:16
  • Multiple Updates