Debian Security Advisory DSA 2350-1 (freetype) Network Vulnerability

Summary

The remote host is missing an update to freetype announced via advisory DSA 2350-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202350-1

Insight

It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny8. For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze3. For the unstable distribution (sid), this problem has been fixed in version 2.4.8-1. We recommend that you upgrade your freetype packages.

Severity

Classification

CVE CVE-2011-3439

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 060-1 (fetchmail)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
Debian Security Advisory DSA 063-1 (xinetd)
Debian Security Advisory DSA 030-1 (xfree86-1)
Debian Security Advisory DSA 026-1 (bind)

Take action and discover your vulnerabilities