Debian Security Advisory DSA 2155-1 (freetype) Network Vulnerability

Summary

The remote host is missing an update to freetype announced via advisory DSA 2155-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202155-1

Insight

Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny5. For the testing distribution (squeeze), this problem has been fixed in version 2.4.2-2.1. For the unstable distribution (sid), this problem has been fixed in version 2.4.2-2.1. We recommend that you upgrade your freetype packages.

Severity

Classification

CVE CVE-2010-3814, CVE-2010-3855

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)
Debian Security Advisory DSA 1121-1 (postgrey)
Debian Security Advisory DSA 1102-1 (pinball)
Debian Security Advisory DSA 088-1 (fml)
Debian Security Advisory DSA 1144-1 (chmlib)

Take action and discover your vulnerabilities