Details
Created: 12 April 2012
A series of security vulnerabilities has been found in the FreeType2 software package. They are triggered by specially crafted font files and allow a remote attacker (one who can get such a file processed, for example through a document or web content) to cause a denial of service (DoS) or execute arbitrary code.
Package:
FreeType 2.x
Operating systems:
SUSE Linux Enterprise Server (SLES) 10 SP4, SUSE Linux Enterprise Desktop (SLED) 10 SP4
Severity:
5.9
Problem:
integer overflow, improper file handling, error in a program function
Exploitation:
remote
Consequence:
arbitrary code execution, denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2012-1126, CVE-2012-1127, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143
Original advisory ID:
SUSE-SU-2012:0483-1
Source:
SUSE
Problem:
The vulnerabilities stem from an integer overflow in the function "_bdf_parse_glyphs()" and from errors in the files "src/bdf/bdflib.c", "src/winfonts/winfnt.c", "src/type1/t1parse.c" and others; in each case a specially crafted font file leads to a buffer overflow in the font parser. For a detailed look at all the vulnerabilities, reading the original advisory is recommended.
Consequence:
An attacker can exploit them, by getting a crafted font file processed, to cause a DoS or run arbitrary code.
Solution:
Users are advised to apply the update. The fixed packages are freetype2-2.1.10-18.29.6 (with its -devel and multilib variants) and ft2demos-2.1.10-19.29.2, as given in the package list below; checking the installed versions with rpm -q freetype2 freetype2-32bit is enough to confirm the patch is in place.
Original advisory text
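As an added example (not code from the original page, from FreeType or from SUSE), the following C program shows the bug class the advisory describes: an integer overflow in a glyph size computation while parsing a bitmap font record, placed next to a hardened parser that rejects the wrapping arithmetic and checks the declared bitmap size against the actual input length. The record layout, field names and sample inputs are hypothetical and constructed for the example; they do not correspond to the BDF format or to _bdf_parse_glyphs().

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Constructed illustration of the bug class behind this advisory: an
 * integer overflow in a size computation while parsing a bitmap glyph
 * record, so a crafted font allocates a small buffer that is then
 * overrun. This is NOT FreeType's _bdf_parse_glyphs(); the record
 * layout and the names below are hypothetical.
 *
 * Hypothetical record: 8-byte little-endian header
 *   u32 width (pixels), u32 height (rows)
 * followed by ceil(width/8) * height bytes of 1-bpp bitmap data.
 */

struct glyph {
    uint32_t width, height;
    uint32_t bytes_per_row;
    uint32_t bitmap_len;
    uint8_t *bitmap;
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: unchecked 32-bit arithmetic. With width=0x80000000
 * and height=16, bytes_per_row is 0x10000000 and the product is 2^32,
 * which wraps to 0; a malloc(0) followed by a row-by-row copy of
 * 16 * 0x10000000 bytes then overruns the heap. */
uint32_t vuln_bitmap_len(uint32_t width, uint32_t height)
{
    uint32_t bytes_per_row = (width + 7) / 8;
    return bytes_per_row * height;           /* wraps silently */
}

/* Hardened: refuse any arithmetic step that would wrap, then check that
 * the declared bitmap really fits in the input. Returns 0 on success,
 * -1 on any malformed input (nothing is allocated in that case). */
int parse_glyph(const uint8_t *buf, size_t len, struct glyph *g)
{
    if (len < 8) return -1;
    uint32_t width  = rd_le32(buf);
    uint32_t height = rd_le32(buf + 4);

    if (width == 0 || height == 0) return -1;
    if (width > UINT32_MAX - 7) return -1;              /* width + 7 would wrap */
    uint32_t bytes_per_row = (width + 7) / 8;
    if (bytes_per_row > UINT32_MAX / height) return -1; /* product would wrap */
    uint32_t bitmap_len = bytes_per_row * height;

    if (bitmap_len > len - 8) return -1;                /* header lies about size */

    uint8_t *bm = malloc(bitmap_len);
    if (!bm) return -1;
    memcpy(bm, buf + 8, bitmap_len);

    g->width = width;  g->height = height;
    g->bytes_per_row = bytes_per_row;  g->bitmap_len = bitmap_len;
    g->bitmap = bm;
    return 0;
}

void free_glyph(struct glyph *g) { free(g->bitmap); g->bitmap = NULL; }

/* Convenience wrapper: 1 if the record parses, 0 if it is rejected. */
int parse_ok(const uint8_t *buf, size_t len)
{
    struct glyph g = {0};
    int rc = parse_glyph(buf, len, &g);
    if (rc == 0) free_glyph(&g);
    return rc == 0;
}

/* Constructed inputs (not real font data): a sane 8x2 glyph, a header
 * whose size computation wraps to zero, and a header that declares more
 * bitmap bytes than the record carries. */
static const uint8_t sane_glyph[]      = { 8, 0, 0, 0,  2, 0, 0, 0,  0xAA, 0x55 };
static const uint8_t crafted_glyph[]   = { 0x00, 0x00, 0x00, 0x80,  16, 0, 0, 0,  0x00 };
static const uint8_t truncated_glyph[] = { 8, 0, 0, 0,  2, 0, 0, 0,  0xAA };

int main(void)
{
    printf("vulnerable size for crafted header: %u\n",
           vuln_bitmap_len(0x80000000u, 16));
    printf("sane glyph:      %s\n", parse_ok(sane_glyph, sizeof sane_glyph) ? "ok" : "rejected");
    printf("crafted glyph:   %s\n", parse_ok(crafted_glyph, sizeof crafted_glyph) ? "ok" : "rejected");
    printf("truncated glyph: %s\n", parse_ok(truncated_glyph, sizeof truncated_glyph) ? "ok" : "rejected");
    return 0;
}
```

The two checks in parse_glyph are the general pattern: guard each arithmetic step against wrap-around before using its result as an allocation size, and never trust a length from the file without comparing it to the bytes actually available.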
SUSE Security Update: Security update for freetype2
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0483-1
Rating: important
References: #750937 #750938 #750939 #750940 #750941 #750943 #750945 #750946 #750947 #750948 #750949 #750950 #750951 #750952 #750953 #750955
Cross-References: CVE-2012-1126 CVE-2012-1127 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes 16 vulnerabilities is now available.
Description:
Specially crafted font files could have caused buffer
overflows in freetype. This has been fixed.
Security Issue references:
* CVE-2012-1129 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129>
* CVE-2012-1127 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127>
* CVE-2012-1138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138>
* CVE-2012-1131 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131>
* CVE-2012-1141 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141>
* CVE-2012-1132 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132>
* CVE-2012-1139 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139>
* CVE-2012-1137 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137>
* CVE-2012-1126 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126>
* CVE-2012-1142 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142>
* CVE-2012-1130 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130>
* CVE-2012-1136 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136>
* CVE-2012-1143 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143>
* CVE-2012-1133 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133>
* CVE-2012-1135 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135>
* CVE-2012-1134 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134>
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
freetype2-2.1.10-18.29.6
freetype2-devel-2.1.10-18.29.6
ft2demos-2.1.10-19.29.2
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
freetype2-32bit-2.1.10-18.29.6
freetype2-devel-32bit-2.1.10-18.29.6
- SUSE Linux Enterprise Server 10 SP4 (ia64):
freetype2-x86-2.1.10-18.29.6
- SUSE Linux Enterprise Server 10 SP4 (ppc):
freetype2-64bit-2.1.10-18.29.6
freetype2-devel-64bit-2.1.10-18.29.6
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
freetype2-2.1.10-18.29.6
freetype2-devel-2.1.10-18.29.6
ft2demos-2.1.10-19.29.2
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
freetype2-32bit-2.1.10-18.29.6
freetype2-devel-32bit-2.1.10-18.29.6
References:
http://support.novell.com/security/cve/CVE-2012-1126.html
http://support.novell.com/security/cve/CVE-2012-1127.html
http://support.novell.com/security/cve/CVE-2012-1129.html
http://support.novell.com/security/cve/CVE-2012-1130.html
http://support.novell.com/security/cve/CVE-2012-1131.html
http://support.novell.com/security/cve/CVE-2012-1132.html
http://support.novell.com/security/cve/CVE-2012-1133.html
http://support.novell.com/security/cve/CVE-2012-1134.html
http://support.novell.com/security/cve/CVE-2012-1135.html
http://support.novell.com/security/cve/CVE-2012-1136.html
http://support.novell.com/security/cve/CVE-2012-1137.html
http://support.novell.com/security/cve/CVE-2012-1138.html
http://support.novell.com/security/cve/CVE-2012-1139.html
http://support.novell.com/security/cve/CVE-2012-1141.html
http://support.novell.com/security/cve/CVE-2012-1142.html
http://support.novell.com/security/cve/CVE-2012-1143.html
https://bugzilla.novell.com/750937
https://bugzilla.novell.com/750938
https://bugzilla.novell.com/750939
https://bugzilla.novell.com/750940
https://bugzilla.novell.com/750941
https://bugzilla.novell.com/750943
https://bugzilla.novell.com/750945
https://bugzilla.novell.com/750946
https://bugzilla.novell.com/750947
https://bugzilla.novell.com/750948
https://bugzilla.novell.com/750949
https://bugzilla.novell.com/750950
https://bugzilla.novell.com/750951
https://bugzilla.novell.com/750952
https://bugzilla.novell.com/750953
https://bugzilla.novell.com/750955
http://download.novell.com/patch/finder/?keywords=1726216ecdcd5bf2aac95567fbb683f1