Debian Security Advisory DSA 2328-1 (freetype) Network Vulnerability

Summary

The remote host is missing an update to freetype announced via advisory DSA 2328-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202328-1

Insight

It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny7. For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 2.4.7-1. We recommend that you upgrade your freetype packages.

Severity

Classification

CVE CVE-2011-3256

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 093-1 (postfix)
Debian Security Advisory DSA 104-1 (cipe)
Debian Security Advisory DSA 114-1 (gnujsp)
Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 1071-1 (mysql)

Take action and discover your vulnerabilities