Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2006:037: freetype2, freetype2-devel Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the freetype2, freetype2-devel package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2006:037 (freetype2, freetype2-devel).
The freetype2 library renders TrueType fonts for open source projects.
More than 900 packages on SUSE Linux use this library. Therefore the
integer overflows in this code found by Josh Bressers and Chris Evans
might have a high impact on the security of a desktop system.
The bugs can lead to a remote denial-of-service attack and may lead to
remote command execution. The user needs to use a program that uses
freetype2 (almost all GUI applications do) and let this program process
malicious font data.
Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2006_37.freetype.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.