Debian Security Advisory DSA 2294-1 (freetype) Network Vulnerability

Summary

The remote host is missing an update to freetype announced via advisory DSA 2294-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202294-1

Insight

It was discovered that insufficient input saniting in Freetype's code to parse Type1 could lead to the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny6. For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze1. For the unstable distribution (sid), this problem has been fixed in version 2.4.6-1. We recommend that you upgrade your freetype packages.

Severity

Classification

CVE CVE-2011-0226

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 102-2 (at)
Debian Security Advisory DSA 1005-1 (xine-lib)
Debian Security Advisory DSA 054-1 (cron)
Debian Security Advisory DSA 1044-1 (mozilla-firefox)
Debian Security Advisory DSA 089-1 (icecast-server)

Take action and discover your vulnerabilities