var-201110-0321
Vulnerability from variot

FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. Free Type is prone to multiple memory corruption vulnerabilities. Successfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions. NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A code injection vulnerability exists in FreeType of Apple's CoreGraphics versions prior to iOS 5. ----------------------------------------------------------------------

Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/


TITLE: Apple iOS Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA46377

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46377

RELEASE DATE: 2011-10-14

DISCUSS ADVISORY: http://secunia.com/advisories/46377/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/46377/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=46377

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose certain information and by malicious people to conduct script insertion, cross-site scripting, and spoofing attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device.

1) An error within the CalDAV component does not properly validate the SSL certificate when synchronizing the calendar, which can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack.

2) Input passed via invitation notes is not properly sanitised in Calendar before being returned to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious invitation is being viewed.

3) The CFNetwork component stores a user's AppleID password and username in the log file readable by applications, which can be exploited to disclose the credentials.

4) The CFNetwork component does not properly restrict cross-domain access of HTTP cookies, which can be exploited to access the cookies of another web site.

5) An error exists within CoreFoundation when handling string tokenization.

For more information see vulnerability #1 in: SA46339

6) Multiple errors within CoreGraphics when handling the certain freetype fonts can be exploited to corrupt memory.

7) An error within CoreMedia does not properly handle cross-site redirects and can be exploited to disclose video data.

8) An error exits within the Data Access component when handling multiple accounts configured on the same server and can be exploited to disclose the cookie of another account.

9) The application accepts X.509 certificates with MD5 hashes, which could lead to weak cryptographic certificates being used. This can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack.

10) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols.

For more information: SA46168

11) An error within ImageIO when handling CCITT Group 4 encoded TIFF files can be exploited to cause a buffer overflow.

For more information see vulnerability #1 in: SA43593

12) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow.

For more information see vulnerability #9 in: SA45325

13) An error within ICU (International Components for Unicode) can be exploited to cause a buffer overflow.

For more information see vulnerability #11 in: SA45054

14) An error within the kernel does not reclaim memory from incomplete TCP connections, which can be exploited to exhaust system resources by connecting to a listening service and cause the device to reset.

15) A NULL-pointer dereference error within the kernel when handling IPv6 socket options can be exploited to cause the device to reset.

16) An error within libxml can be exploited to cause a heap-based buffer overflow.

For more information see vulnerability #12 in: SA45325

17) An error within OfficeImport when viewing certain Microsoft Word files can be exploited to cause a buffer overflow.

18) An error within OfficeImport when viewing certain Microsoft Excel files can be exploited to cause a buffer overflow.

19) An indexing error exists in the OfficeImport framework when processing certain records in a Microsoft Word file.

For more information see vulnerability #19 in: SA45054

20) An error in the OfficeImport framework when processing records can be exploited to corrupt memory.

For more information see vulnerability #28 in: SA43814

21) An error within Safari does not properly handle the "attachment" HTTP Content-Disposition header and can be exploited to conduct cross-site scripting attacks.

22) The parental restrictions feature stores the restrictions passcode in plaintext on disk and can be exploited to disclose the passcode.

23) An error within UIKit does not properly handle "tel:" URIs and can be exploited to cause the device to hang by tricking the user into visiting a malicious website.

24) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.

For more information: SA43519 SA43683 SA43696 SA43859 SA45097 SA45325 SA45325 SA45498 SA45498 SA46339 SA46412

25) The WiFi credentials are stored in a file readable by other applications, which may lead to the credentials being disclosed.

PROVIDED AND/OR DISCOVERED BY: 1) Leszek Tasiemski, nSense. 6, 9) Reported by the vendor.

The vendor credits: 2) Rick Deacon 3) Peter Quade, qdevelop 4) Erling Ellingsen, Facebook. 7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) 8) Bob Sielken, IBM 14) Wouter van der Veer, Topicus and Josh Enders 15) Thomas Clement, Intego 17) Tobias Klein via iDefense. 18) Tobias Klein, www.trapkit.de 21) Christian Matthies via iDefense and Yoshinori Oota, Business Architects via JP/CERT. 22) An anonymous person 23) Simon Young, Anglia Ruskin University 25) Laurent OUDOT, TEHTRI Security

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4999

nSense: http://www.nsense.fi/advisories/nsense_2011_006.txt

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


.

For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny7.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 2.4.7-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/freetype < 2.4.8 >= 2.4.8

Description

Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All FreeType users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"

References

[ 1 ] CVE-2010-1797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 [ 2 ] CVE-2010-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 [ 3 ] CVE-2010-2498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 [ 4 ] CVE-2010-2499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 [ 5 ] CVE-2010-2500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 [ 6 ] CVE-2010-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 [ 7 ] CVE-2010-2520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 [ 8 ] CVE-2010-2527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 [ 9 ] CVE-2010-2541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 [ 10 ] CVE-2010-2805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 [ 11 ] CVE-2010-2806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 [ 12 ] CVE-2010-2807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 [ 13 ] CVE-2010-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 [ 14 ] CVE-2010-3053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 [ 15 ] CVE-2010-3054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 [ 16 ] CVE-2010-3311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 [ 17 ] CVE-2010-3814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 [ 18 ] CVE-2010-3855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 [ 19 ] CVE-2011-0226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 [ 20 ] CVE-2011-3256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 [ 21 ] CVE-2011-3439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

A regression was found in freetype2 in Mandriva Enterprise Server 5 that caused ugly font rendering with firefox (#63892).

Additionally, improvements conserning the LZW handling (as noted in the freetype-2.4.7 version) was added. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOoSQgmqjQ0CJFipgRAu7bAKCNJuDDSIC2BGla3ck+cJp/Kn88ZwCg1jD/ dxu3TlyhMXF4coBC+GcK+2g= =QK6b -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following:

Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation

Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348

Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389

CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook

CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook

ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative

CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners

CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC

CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson

curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192

Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.

dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple

filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895

ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies

ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167

ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328

Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher

Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook

libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive

libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton

OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team

PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268

PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple

PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328

QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative

QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative

SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023

Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921

Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden

Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204

WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf

Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937

X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple

OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3.

For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c

For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c

For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d

For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b

For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8

For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: freetype security update Advisory ID: RHSA-2011:1402-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1402.html Issue date: 2011-10-25 CVE Names: CVE-2011-3256 =====================================================================

  1. Summary:

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

  1. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed bitmap font files. (CVE-2011-3256)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  1. Bugs fixed (http://bugzilla.redhat.com/):

746226 - CVE-2011-3256 FreeType FT_Bitmap_New integer overflow to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas improper input validation

  1. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm

i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm

ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm

ppc: freetype-2.1.9-20.el4.ppc.rpm freetype-2.1.9-20.el4.ppc64.rpm freetype-debuginfo-2.1.9-20.el4.ppc.rpm freetype-debuginfo-2.1.9-20.el4.ppc64.rpm freetype-demos-2.1.9-20.el4.ppc.rpm freetype-devel-2.1.9-20.el4.ppc.rpm freetype-utils-2.1.9-20.el4.ppc.rpm

s390: freetype-2.1.9-20.el4.s390.rpm freetype-debuginfo-2.1.9-20.el4.s390.rpm freetype-demos-2.1.9-20.el4.s390.rpm freetype-devel-2.1.9-20.el4.s390.rpm freetype-utils-2.1.9-20.el4.s390.rpm

s390x: freetype-2.1.9-20.el4.s390.rpm freetype-2.1.9-20.el4.s390x.rpm freetype-debuginfo-2.1.9-20.el4.s390.rpm freetype-debuginfo-2.1.9-20.el4.s390x.rpm freetype-demos-2.1.9-20.el4.s390x.rpm freetype-devel-2.1.9-20.el4.s390x.rpm freetype-utils-2.1.9-20.el4.s390x.rpm

x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm

i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm

x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm

i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm

ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm

x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm

i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm

ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm

x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm

i386: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm

x86_64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm

i386: freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-demos-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm

x86_64: freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm freetype-demos-2.2.1-28.el5_7.1.x86_64.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm

i386: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-demos-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm

ia64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.ia64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ia64.rpm freetype-demos-2.2.1-28.el5_7.1.ia64.rpm freetype-devel-2.2.1-28.el5_7.1.ia64.rpm

ppc: freetype-2.2.1-28.el5_7.1.ppc.rpm freetype-2.2.1-28.el5_7.1.ppc64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ppc.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ppc64.rpm freetype-demos-2.2.1-28.el5_7.1.ppc.rpm freetype-devel-2.2.1-28.el5_7.1.ppc.rpm freetype-devel-2.2.1-28.el5_7.1.ppc64.rpm

s390x: freetype-2.2.1-28.el5_7.1.s390.rpm freetype-2.2.1-28.el5_7.1.s390x.rpm freetype-debuginfo-2.2.1-28.el5_7.1.s390.rpm freetype-debuginfo-2.2.1-28.el5_7.1.s390x.rpm freetype-demos-2.2.1-28.el5_7.1.s390x.rpm freetype-devel-2.2.1-28.el5_7.1.s390.rpm freetype-devel-2.2.1-28.el5_7.1.s390x.rpm

x86_64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm freetype-demos-2.2.1-28.el5_7.1.x86_64.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm

x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-demos-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm

ppc64: freetype-2.3.11-6.el6_1.7.ppc.rpm freetype-2.3.11-6.el6_1.7.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.ppc.rpm freetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm freetype-devel-2.3.11-6.el6_1.7.ppc.rpm freetype-devel-2.3.11-6.el6_1.7.ppc64.rpm

s390x: freetype-2.3.11-6.el6_1.7.s390.rpm freetype-2.3.11-6.el6_1.7.s390x.rpm freetype-debuginfo-2.3.11-6.el6_1.7.s390.rpm freetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm freetype-devel-2.3.11-6.el6_1.7.s390.rpm freetype-devel-2.3.11-6.el6_1.7.s390x.rpm

x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-demos-2.3.11-6.el6_1.7.i686.rpm

ppc64: freetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm freetype-demos-2.3.11-6.el6_1.7.ppc64.rpm

s390x: freetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm freetype-demos-2.3.11-6.el6_1.7.s390x.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm

x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-demos-2.3.11-6.el6_1.7.i686.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2011-3256.html https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOpv7zXlSAg2UNWIIRAtxRAJ9yxP+ABOboEq9+fB+RnBOLIUp/XgCePltE cL8BidDpB1YhdkDs+bUyhbU= =qAkG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0321",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.0 to  4.3.5 (iphone 3gs and  iphone 4)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1 to  4.3.5 (ipod touch (3rd generation) after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.2 to  4.3.5 (ipad for )"
      },
      {
        "model": "ipad",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "conferencing standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1-"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.1.10"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2-"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3-"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.3"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.2.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.3.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1-"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.4.3"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2-"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3-"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.4.5"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.3.11"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0-"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2-"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "proactive contact",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1-"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "9"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.1.7"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux enterprise desktop sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0-"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "enterprise linux eus 5.6.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2-"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.4"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1-"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0-"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "iphone ipodtouch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1-"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0-"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "1.3.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "iphone ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1-"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.3.4"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1-"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.0.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "aura session manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.1.9"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.3.5"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise desktop sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.2"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "freetype",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.4.7"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.3.9"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "aura session manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.0.9"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "conferencing standard edition sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "freetype",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freetype",
        "version": "2.3.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "50155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Reported by the vendo",
    "sources": [
      {
        "db": "BID",
        "id": "50155"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3256",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-3256",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-51201",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-3256",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201110-333",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51201",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. Free Type is prone to multiple memory corruption vulnerabilities. \nSuccessfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A code injection vulnerability exists in FreeType of Apple\u0027s CoreGraphics versions prior to iOS 5. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46377\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46377/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377\n\nRELEASE DATE:\n2011-10-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46377/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46377/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple iOS, which can\nbe exploited by malicious people with physical access to disclose\ncertain information and by malicious people to conduct script\ninsertion, cross-site scripting, and spoofing attacks, disclose\nsensitive information, bypass certain security restrictions, cause a\nDoS (Denial of Service), and compromise a user\u0027s device. \n\n1) An error within the CalDAV component does not properly validate\nthe SSL certificate when synchronizing the calendar, which can be\nexploited to disclose encrypted information e.g. using a\nMan-in-the-Middle (MitM) attack. \n\n2) Input passed via invitation notes is not properly sanitised in\nCalendar before being returned to the user. This can be exploited to\ninsert arbitrary HTML and script code, which will be executed in a\nuser\u0027s browser session in context of an affected site when the\nmalicious invitation is being viewed. \n\n3) The CFNetwork component stores a user\u0027s AppleID password and\nusername in the log file readable by applications, which can be\nexploited to disclose the credentials. \n\n4) The CFNetwork component does not properly restrict cross-domain\naccess of HTTP cookies, which can be exploited to access the cookies\nof another web site. \n\n5) An error exists within CoreFoundation when handling string\ntokenization. \n\nFor more information see vulnerability #1 in:\nSA46339\n\n6) Multiple errors within CoreGraphics when handling the certain\nfreetype fonts can be exploited to corrupt memory. \n\n7) An error within CoreMedia does not properly handle cross-site\nredirects and can be exploited to disclose video data. \n\n8) An error exits within the Data Access component when handling\nmultiple accounts configured on the same server and can be exploited\nto disclose the cookie of another account. \n\n9) The application accepts X.509 certificates with MD5 hashes, which\ncould lead to weak cryptographic certificates being used. This can be\nexploited to disclose encrypted information e.g. using a\nMan-in-the-Middle (MitM) attack. \n\n10) A design error exists within the implementation of SSL 3.0 and\nTLS 1.0 protocols. \n\nFor more information:\nSA46168\n\n11) An error within ImageIO when handling CCITT Group 4 encoded TIFF\nfiles can be exploited to cause a buffer overflow. \n\nFor more information see vulnerability #1 in:\nSA43593\n\n12) An error in ImageIO within the handling of CCITT Group 4 encoded\nTIFF image files can be exploited to cause a heap-based buffer\noverflow. \n\nFor more information see vulnerability #9 in:\nSA45325\n\n13) An error within ICU (International Components for Unicode) can be\nexploited to cause a buffer overflow. \n\nFor more information see vulnerability #11 in:\nSA45054\n\n14) An error within the kernel does not reclaim memory from\nincomplete TCP connections, which can be exploited to exhaust system\nresources by connecting to a listening service and cause the device\nto reset. \n\n15) A NULL-pointer dereference error within the kernel when handling\nIPv6 socket options can be exploited to cause the device to reset. \n\n16) An error within libxml can be exploited to cause a heap-based\nbuffer overflow. \n\nFor more information see vulnerability #12 in:\nSA45325\n\n17) An error within OfficeImport when viewing certain Microsoft Word\nfiles can be exploited to cause a buffer overflow. \n\n18) An error within OfficeImport when viewing certain Microsoft Excel\nfiles can be exploited to cause a buffer overflow. \n\n19) An indexing error exists in the OfficeImport framework when\nprocessing certain records in a Microsoft Word file. \n\nFor more information see vulnerability #19 in:\nSA45054\n\n20) An error in the OfficeImport framework when processing records\ncan be exploited to corrupt memory. \n\nFor more information see vulnerability #28 in:\nSA43814\n\n21) An error within Safari does not properly handle the \"attachment\"\nHTTP Content-Disposition header and can be exploited to conduct\ncross-site scripting attacks. \n\n22) The parental restrictions feature stores the restrictions\npasscode in plaintext on disk and can be exploited to disclose the\npasscode. \n\n23) An error within UIKit does not properly handle \"tel:\" URIs and\ncan be exploited to cause the device to hang by tricking the user\ninto visiting a malicious website. \n\n24) Some vulnerabilities are caused due to a bundled vulnerable\nversion of WebKit. \n\nFor more information:\nSA43519\nSA43683\nSA43696\nSA43859\nSA45097\nSA45325\nSA45325\nSA45498\nSA45498\nSA46339\nSA46412\n\n25) The WiFi credentials are stored in a file readable by other\napplications, which may lead to the credentials being disclosed. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Leszek Tasiemski, nSense. \n6, 9) Reported by the vendor. \n\nThe vendor credits:\n2) Rick Deacon\n3) Peter Quade, qdevelop\n4) Erling Ellingsen, Facebook. \n7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)\n8) Bob Sielken, IBM\n14) Wouter van der Veer, Topicus and Josh Enders\n15) Thomas Clement, Intego\n17) Tobias Klein via iDefense. \n18) Tobias Klein, www.trapkit.de\n21) Christian Matthies via iDefense and Yoshinori Oota, Business\nArchitects via JP/CERT. \n22) An anonymous person\n23) Simon Young, Anglia Ruskin University\n25) Laurent OUDOT, TEHTRI Security\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4999\n\nnSense:\nhttp://www.nsense.fi/advisories/nsense_2011_006.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny7. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.7-1. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/freetype          \u003c 2.4.8                    \u003e= 2.4.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in FreeType. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll FreeType users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/freetype-2.4.8\"\n\nReferences\n==========\n\n[  1 ] CVE-2010-1797\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797\n[  2 ] CVE-2010-2497\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497\n[  3 ] CVE-2010-2498\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498\n[  4 ] CVE-2010-2499\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499\n[  5 ] CVE-2010-2500\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500\n[  6 ] CVE-2010-2519\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519\n[  7 ] CVE-2010-2520\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520\n[  8 ] CVE-2010-2527\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527\n[  9 ] CVE-2010-2541\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541\n[ 10 ] CVE-2010-2805\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805\n[ 11 ] CVE-2010-2806\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806\n[ 12 ] CVE-2010-2807\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807\n[ 13 ] CVE-2010-2808\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808\n[ 14 ] CVE-2010-3053\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053\n[ 15 ] CVE-2010-3054\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054\n[ 16 ] CVE-2010-3311\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311\n[ 17 ] CVE-2010-3814\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814\n[ 18 ] CVE-2010-3855\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855\n[ 19 ] CVE-2011-0226\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226\n[ 20 ] CVE-2011-3256\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256\n[ 21 ] CVE-2011-3439\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201201-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n A regression was found in freetype2 in Mandriva Enterprise Server 5\n that caused ugly font rendering with firefox (#63892). \n \n Additionally, improvements conserning the LZW handling (as noted in\n the freetype-2.4.7 version) was added.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOoSQgmqjQ0CJFipgRAu7bAKCNJuDDSIC2BGla3ck+cJp/Kn88ZwCg1jD/\ndxu3TlyhMXF4coBC+GcK+2g=\n=QK6b\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\n\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\naddresses the following:\n\nAddress Book\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  An attacker in a privileged network position may intercept\nCardDAV data\nDescription:  Address Book supports Secure Sockets Layer (SSL) for\naccessing CardDAV. A downgrade issue caused Address Book to attempt\nan unencrypted connection if an encrypted connection failed. An\nattacker in a privileged network position could abuse this behavior\nto intercept CardDAV data. This issue is addressed by not downgrading\nto an unencrypted connection without user approval. \nCVE-ID\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\n\nApache\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Apache is updated to version 2.2.21 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-3348\n\nApache\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nApache disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by providing a configuration\nparameter to control the countermeasure and enabling it by default. \nCVE-ID\nCVE-2011-3389\n\nCFNetwork\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription:  An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nthe request to an incorrect origin server. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCFNetwork\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription:  An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nunexpected request headers. This issue does not affect systems prior\nto OS X Lion. \nCVE-ID\nCVE-2011-3447 : Erling Ellingsen of Facebook\n\nColorSync\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact:  Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription:  An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreAudio\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact:  Playing maliciously crafted audio content may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of AAC\nencoded audio streams. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreMedia\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in CoreMedia\u0027s handling\nof H.264 encoded movie files. \nCVE-ID\nCVE-2011-3448 : Scott Stender of iSEC Partners\n\nCoreText\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to an unexpected application\ntermination or arbitrary code execution\nDescription:  A use after free issue existed in the handling of font\nfiles. \nCVE-ID\nCVE-2011-3449 : Will Dormann of the CERT/CC\n\nCoreUI\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  Visiting a malicious website may lead to an unexpected\napplication termination or arbitrary code execution\nDescription:  An unbounded stack allocation issue existed in the\nhandling of long URLs. This issue does not affect systems prior to OS\nX Lion. \nCVE-ID\nCVE-2011-3450 : Ben Syverson\n\ncurl\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  A remote server may be able to impersonate clients via\nGSSAPI requests\nDescription:  When doing GSSAPI authentication, libcurl\nunconditionally performs credential delegation. This issue is\naddressed by disabling GSSAPI credential delegation. \nCVE-ID\nCVE-2011-2192\n\nData Security\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription:  Two certificate authorities in the list of trusted root\ncertificates have independently issued intermediate certificates to\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\nweak keys that it is unable to revoke. An attacker with a privileged\nnetwork position could intercept user credentials or other sensitive\ninformation intended for a site with a certificate issued by DigiCert\nMalaysia. This issue is addressed by configuring default system trust\nsettings so that DigiCert Malaysia\u0027s certificates are not trusted. We\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\nthis issue. \n\ndovecot\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nDovecot disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by enabling the\ncountermeasure. \nCVE-ID\nCVE-2011-3389 : Apple\n\nfilecmds\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Decompressing a maliciously crafted compressed file may lead\nto an unexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the \u0027uncompress\u0027 command\nline tool. \nCVE-ID\nCVE-2011-2895\n\nImageIO\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact:  Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in libtiff\u0027s handling of\nThunderScan encoded TIFF images. This issue is address by updating\nlibtiff to version 3.9.5. \nCVE-ID\nCVE-2011-1167\n\nImageIO\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Multiple vulnerabilities in libpng 1.5.4\nDescription:  libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nInternet Sharing\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  A Wi-Fi network created by Internet Sharing may lose\nsecurity settings after a system update\nDescription:  After updating to a version of OS X Lion prior to\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\nto factory defaults, which disables the WEP password. This issue only\naffects systems with Internet Sharing enabled and sharing the\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\nconfiguration during a system update. \nCVE-ID\nCVE-2011-3452 : an anonymous researcher\n\nLibinfo\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription:  An issue existed in Libinfo\u0027s handling of hostname\nlookup requests. Libinfo could return incorrect results for a\nmaliciously crafted hostname. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3441 : Erling Ellingsen of Facebook\n\nlibresolv\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Applications that use OS X\u0027s libresolv library may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription:  An integer overflow existed in the parsing of DNS\nresource records, which may lead to heap memory corruption. \nCVE-ID\nCVE-2011-3453 : Ilja van Sprundel of IOActive\n\nlibsecurity\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Some EV certificates may be trusted even if the\ncorresponding root has been marked as untrusted\nDescription:  The certificate code trusted a root certificate to sign\nEV certificates if it was on the list of known EV issuers, even if\nthe user had marked it as \u0027Never Trust\u0027 in Keychain. The root would\nnot be trusted to sign non-EV certificates. \nCVE-ID\nCVE-2011-3422 : Alastair Houghton\n\nOpenGL\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Applications that use OS X\u0027s OpenGL implementation may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues existed in the\nhandling of GLSL compilation. \nCVE-ID\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\nMarc Schoenefeld of the Red Hat Security Response Team\n\nPHP\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Multiple vulnerabilities in PHP 5.3.6\nDescription:  PHP is updated to version 5.3.8 to address several\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2011-1148\nCVE-2011-1657\nCVE-2011-1938\nCVE-2011-2202\nCVE-2011-2483\nCVE-2011-3182\nCVE-2011-3189\nCVE-2011-3267\nCVE-2011-3268\n\nPHP\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nPHP\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Multiple vulnerabilities in libpng 1.5.4\nDescription:  libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nQuickTime\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Opening a maliciously crafted MP4 encoded file may lead to\nan unexpected application termination or arbitrary code execution\nDescription:  An uninitialized memory access issue existed in the\nhandling of MP4 encoded files. \nCVE-ID\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A signedness issue existed in the handling of font\ntables embedded in QuickTime movie files. \nCVE-ID\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An off by one buffer overflow existed in the handling\nof rdrf atoms in QuickTime movie files. \nCVE-ID\nCVE-2011-3459 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted JPEG2000 image file may lead\nto an unexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of JPEG2000\nfiles. \nCVE-ID\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Processing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of PNG files. \nCVE-ID\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of FLC\nencoded movie files\nCVE-ID\nCVE-2011-3249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSquirrelMail\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact:  Multiple vulnerabilities in SquirrelMail\nDescription:  SquirrelMail is updated to version 1.4.22 to address\nseveral vulnerabilities, the most serious of which is a cross-site\nscripting issue. This issue does not affect OS X Lion systems. \nFurther information is available via the SquirrelMail web site at\nhttp://www.SquirrelMail.org/\nCVE-ID\nCVE-2010-1637\nCVE-2010-2813\nCVE-2010-4554\nCVE-2010-4555\nCVE-2011-2023\n\nSubversion\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Accessing a Subversion repository may lead to the disclosure\nof sensitive information\nDescription:  Subversion is updated to version 1.6.17 to address\nmultiple vulnerabilities, the most serious of which may lead to the\ndisclosure of sensitive information. Further information is available\nvia the Subversion web site at http://subversion.tigris.org/\nCVE-ID\nCVE-2011-1752\nCVE-2011-1783\nCVE-2011-1921\n\nTime Machine\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  A remote attacker may access new backups created by the\nuser\u0027s system\nDescription:  The user may designate a remote AFP volume or Time\nCapsule to be used for Time Machine backups. Time Machine did not\nverify that the same device was being used for subsequent backup\noperations. An attacker who is able to spoof the remote volume could\ngain access to new backups created by the user\u0027s system. This issue\nis addressed by verifying the unique identifier associated with a\ndisk for backup operations. \nCVE-ID\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\nDresden\n\nTomcat\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact:  Multiple vulnerabilities in Tomcat 6.0.32\nDescription:  Tomcat is updated to version 6.0.33 to address multiple\nvulnerabilities, the most serious of which may lead to the disclosure\nof sensitive information. Tomcat is only provided on Mac OS X Server\nsystems. This issue does not affect OS X Lion systems. Further\ninformation is available via the Tomcat site at\nhttp://tomcat.apache.org/\nCVE-ID\nCVE-2011-2204\n\nWebDAV Sharing\nAvailable for:  OS X Lion Server v10.7 to v10.7.2\nImpact:  Local users may obtain system privileges\nDescription:  An issue existed in WebDAV Sharing\u0027s handling of user\nauthentication. A user with a valid account on the server or one of\nits bound directories could cause the execution of arbitrary code\nwith system privileges. This issue does not affect systems prior to\nOS X Lion. \nCVE-ID\nCVE-2011-3463 : Gordon Davisson of Crywolf\n\nWebmail\nAvailable for:  OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted e-mail message may lead to the\ndisclosure of message content\nDescription:  A cross-site scripting vulnerability existed in the\nhandling of mail messages. This issue is addressed by updating\nRoundcube Webmail to version 0.6. This issue does not affect systems\nprior to OS X Lion. Further information is available via the\nRoundcube site at http://trac.roundcube.net/\nCVE-ID\nCVE-2011-2937\n\nX11\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact:  Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2021-001 or OS X v10.7.3. \n\nFor OS X Lion v10.7.2\nThe download file is named: MacOSXUpd10.7.3.dmg\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\n\nFor OS X Lion v10.7 and v10.7.1\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\n\nFor OS X Lion Server v10.7.2\nThe download file is named: MacOSXServerUpd10.7.3.dmg\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\n\nFor OS X Lion Server v10.7 and v10.7.1\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-001Snow.dmg\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-001.dmg\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\n=c1eU\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: freetype security update\nAdvisory ID:       RHSA-2011:1402-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1402.html\nIssue date:        2011-10-25\nCVE Names:         CVE-2011-3256 \n=====================================================================\n\n1. Summary:\n\nUpdated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop version 4 - i386, x86_64\nRed Hat Enterprise Linux ES version 4 - i386, ia64, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux WS version 4 - i386, ia64, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. \n\nMultiple input validation flaws were found in the way FreeType processed\nbitmap font files. (CVE-2011-3256)\n\nNote: These issues only affected the FreeType 2 font engine. \n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n746226 - CVE-2011-3256 FreeType FT_Bitmap_New integer overflow to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas improper input validation\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm\n\ni386:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-demos-2.1.9-20.el4.i386.rpm\nfreetype-devel-2.1.9-20.el4.i386.rpm\nfreetype-utils-2.1.9-20.el4.i386.rpm\n\nia64:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-2.1.9-20.el4.ia64.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.ia64.rpm\nfreetype-demos-2.1.9-20.el4.ia64.rpm\nfreetype-devel-2.1.9-20.el4.ia64.rpm\nfreetype-utils-2.1.9-20.el4.ia64.rpm\n\nppc:\nfreetype-2.1.9-20.el4.ppc.rpm\nfreetype-2.1.9-20.el4.ppc64.rpm\nfreetype-debuginfo-2.1.9-20.el4.ppc.rpm\nfreetype-debuginfo-2.1.9-20.el4.ppc64.rpm\nfreetype-demos-2.1.9-20.el4.ppc.rpm\nfreetype-devel-2.1.9-20.el4.ppc.rpm\nfreetype-utils-2.1.9-20.el4.ppc.rpm\n\ns390:\nfreetype-2.1.9-20.el4.s390.rpm\nfreetype-debuginfo-2.1.9-20.el4.s390.rpm\nfreetype-demos-2.1.9-20.el4.s390.rpm\nfreetype-devel-2.1.9-20.el4.s390.rpm\nfreetype-utils-2.1.9-20.el4.s390.rpm\n\ns390x:\nfreetype-2.1.9-20.el4.s390.rpm\nfreetype-2.1.9-20.el4.s390x.rpm\nfreetype-debuginfo-2.1.9-20.el4.s390.rpm\nfreetype-debuginfo-2.1.9-20.el4.s390x.rpm\nfreetype-demos-2.1.9-20.el4.s390x.rpm\nfreetype-devel-2.1.9-20.el4.s390x.rpm\nfreetype-utils-2.1.9-20.el4.s390x.rpm\n\nx86_64:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-2.1.9-20.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.x86_64.rpm\nfreetype-demos-2.1.9-20.el4.x86_64.rpm\nfreetype-devel-2.1.9-20.el4.x86_64.rpm\nfreetype-utils-2.1.9-20.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm\n\ni386:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-demos-2.1.9-20.el4.i386.rpm\nfreetype-devel-2.1.9-20.el4.i386.rpm\nfreetype-utils-2.1.9-20.el4.i386.rpm\n\nx86_64:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-2.1.9-20.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.x86_64.rpm\nfreetype-demos-2.1.9-20.el4.x86_64.rpm\nfreetype-devel-2.1.9-20.el4.x86_64.rpm\nfreetype-utils-2.1.9-20.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm\n\ni386:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-demos-2.1.9-20.el4.i386.rpm\nfreetype-devel-2.1.9-20.el4.i386.rpm\nfreetype-utils-2.1.9-20.el4.i386.rpm\n\nia64:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-2.1.9-20.el4.ia64.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.ia64.rpm\nfreetype-demos-2.1.9-20.el4.ia64.rpm\nfreetype-devel-2.1.9-20.el4.ia64.rpm\nfreetype-utils-2.1.9-20.el4.ia64.rpm\n\nx86_64:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-2.1.9-20.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.x86_64.rpm\nfreetype-demos-2.1.9-20.el4.x86_64.rpm\nfreetype-devel-2.1.9-20.el4.x86_64.rpm\nfreetype-utils-2.1.9-20.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm\n\ni386:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-demos-2.1.9-20.el4.i386.rpm\nfreetype-devel-2.1.9-20.el4.i386.rpm\nfreetype-utils-2.1.9-20.el4.i386.rpm\n\nia64:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-2.1.9-20.el4.ia64.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.ia64.rpm\nfreetype-demos-2.1.9-20.el4.ia64.rpm\nfreetype-devel-2.1.9-20.el4.ia64.rpm\nfreetype-utils-2.1.9-20.el4.ia64.rpm\n\nx86_64:\nfreetype-2.1.9-20.el4.i386.rpm\nfreetype-2.1.9-20.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-20.el4.i386.rpm\nfreetype-debuginfo-2.1.9-20.el4.x86_64.rpm\nfreetype-demos-2.1.9-20.el4.x86_64.rpm\nfreetype-devel-2.1.9-20.el4.x86_64.rpm\nfreetype-utils-2.1.9-20.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm\n\ni386:\nfreetype-2.2.1-28.el5_7.1.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm\n\nx86_64:\nfreetype-2.2.1-28.el5_7.1.i386.rpm\nfreetype-2.2.1-28.el5_7.1.x86_64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm\n\ni386:\nfreetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm\nfreetype-demos-2.2.1-28.el5_7.1.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.1.i386.rpm\n\nx86_64:\nfreetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm\nfreetype-demos-2.2.1-28.el5_7.1.x86_64.rpm\nfreetype-devel-2.2.1-28.el5_7.1.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm\n\ni386:\nfreetype-2.2.1-28.el5_7.1.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm\nfreetype-demos-2.2.1-28.el5_7.1.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.1.i386.rpm\n\nia64:\nfreetype-2.2.1-28.el5_7.1.i386.rpm\nfreetype-2.2.1-28.el5_7.1.ia64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.ia64.rpm\nfreetype-demos-2.2.1-28.el5_7.1.ia64.rpm\nfreetype-devel-2.2.1-28.el5_7.1.ia64.rpm\n\nppc:\nfreetype-2.2.1-28.el5_7.1.ppc.rpm\nfreetype-2.2.1-28.el5_7.1.ppc64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.ppc.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.ppc64.rpm\nfreetype-demos-2.2.1-28.el5_7.1.ppc.rpm\nfreetype-devel-2.2.1-28.el5_7.1.ppc.rpm\nfreetype-devel-2.2.1-28.el5_7.1.ppc64.rpm\n\ns390x:\nfreetype-2.2.1-28.el5_7.1.s390.rpm\nfreetype-2.2.1-28.el5_7.1.s390x.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.s390.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.s390x.rpm\nfreetype-demos-2.2.1-28.el5_7.1.s390x.rpm\nfreetype-devel-2.2.1-28.el5_7.1.s390.rpm\nfreetype-devel-2.2.1-28.el5_7.1.s390x.rpm\n\nx86_64:\nfreetype-2.2.1-28.el5_7.1.i386.rpm\nfreetype-2.2.1-28.el5_7.1.x86_64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm\nfreetype-demos-2.2.1-28.el5_7.1.x86_64.rpm\nfreetype-devel-2.2.1-28.el5_7.1.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.7.i686.rpm\nfreetype-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.7.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.7.i686.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.7.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.7.i686.rpm\nfreetype-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.7.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.7.i686.rpm\n\nppc64:\nfreetype-2.3.11-6.el6_1.7.ppc.rpm\nfreetype-2.3.11-6.el6_1.7.ppc64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.ppc.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm\nfreetype-devel-2.3.11-6.el6_1.7.ppc.rpm\nfreetype-devel-2.3.11-6.el6_1.7.ppc64.rpm\n\ns390x:\nfreetype-2.3.11-6.el6_1.7.s390.rpm\nfreetype-2.3.11-6.el6_1.7.s390x.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.s390.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm\nfreetype-devel-2.3.11-6.el6_1.7.s390.rpm\nfreetype-devel-2.3.11-6.el6_1.7.s390x.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.7.i686.rpm\nfreetype-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.7.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.7.i686.rpm\n\nppc64:\nfreetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm\nfreetype-demos-2.3.11-6.el6_1.7.ppc64.rpm\n\ns390x:\nfreetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm\nfreetype-demos-2.3.11-6.el6_1.7.s390x.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.7.i686.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.7.i686.rpm\nfreetype-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.7.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.7.i686.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3256.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOpv7zXlSAg2UNWIIRAtxRAJ9yxP+ABOboEq9+fB+RnBOLIUp/XgCePltE\ncL8BidDpB1YhdkDs+bUyhbU=\n=qAkG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "db": "BID",
        "id": "50155"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "db": "PACKETSTORM",
        "id": "106183"
      },
      {
        "db": "PACKETSTORM",
        "id": "109005"
      },
      {
        "db": "PACKETSTORM",
        "id": "106070"
      },
      {
        "db": "PACKETSTORM",
        "id": "109368"
      },
      {
        "db": "PACKETSTORM",
        "id": "109373"
      },
      {
        "db": "PACKETSTORM",
        "id": "106219"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3256",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "50155",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "48951",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "46377",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "18006",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-10-12-1",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "106219",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "109368",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "106070",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "106183",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "107115",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-51201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105765",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109005",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109373",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "db": "BID",
        "id": "50155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "db": "PACKETSTORM",
        "id": "106183"
      },
      {
        "db": "PACKETSTORM",
        "id": "109005"
      },
      {
        "db": "PACKETSTORM",
        "id": "106070"
      },
      {
        "db": "PACKETSTORM",
        "id": "109368"
      },
      {
        "db": "PACKETSTORM",
        "id": "109373"
      },
      {
        "db": "PACKETSTORM",
        "id": "106219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "id": "VAR-201110-0321",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51201"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:43:33.476000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4999",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4999"
      },
      {
        "title": "CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3256_denial_of"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht4999"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
      },
      {
        "trust": 1.4,
        "url": "https://sourceforge.net/projects/freetype/files/freetype2/2.4.7/readme/view"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/50155"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht5130"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2011/dsa-2328"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-november/069100.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:157"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/48951"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70552"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3256"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu177979"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3256"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3256"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46377"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18006"
      },
      {
        "trust": 0.4,
        "url": "http://www.freetype.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/softwareupdate/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100153367"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3439"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-3256.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.trapkit.de"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46377/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.nsense.fi/advisories/nsense_2011_006.txt"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46377/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2807"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2520"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2498"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2805"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3311"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2541"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3439"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2527"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0226"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3311"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3054"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2520"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2497"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2519"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2499"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2498"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2527"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2806"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201201-09.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3054"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3053"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2497"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2806"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2541"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3256"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3053"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2499"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2805"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3814"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1797"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2807"
      },
      {
        "trust": 0.1,
        "url": "https://qa.mandriva.com/63892"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2011-3439.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0094.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
      },
      {
        "trust": 0.1,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1783"
      },
      {
        "trust": 0.1,
        "url": "http://tomcat.apache.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3249"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1752"
      },
      {
        "trust": 0.1,
        "url": "http://trac.roundcube.net/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0241"
      },
      {
        "trust": 0.1,
        "url": "http://www.squirrelmail.org/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
      },
      {
        "trust": 0.1,
        "url": "http://httpd.apache.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1921"
      },
      {
        "trust": 0.1,
        "url": "http://www.libpng.org/pub/png/libpng.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3250"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2813"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1657"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3246"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1637"
      },
      {
        "trust": 0.1,
        "url": "http://subversion.tigris.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2192"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3189"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2011-1402.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "db": "BID",
        "id": "50155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "db": "PACKETSTORM",
        "id": "106183"
      },
      {
        "db": "PACKETSTORM",
        "id": "109005"
      },
      {
        "db": "PACKETSTORM",
        "id": "106070"
      },
      {
        "db": "PACKETSTORM",
        "id": "109368"
      },
      {
        "db": "PACKETSTORM",
        "id": "109373"
      },
      {
        "db": "PACKETSTORM",
        "id": "106219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "db": "BID",
        "id": "50155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "db": "PACKETSTORM",
        "id": "106183"
      },
      {
        "db": "PACKETSTORM",
        "id": "109005"
      },
      {
        "db": "PACKETSTORM",
        "id": "106070"
      },
      {
        "db": "PACKETSTORM",
        "id": "109368"
      },
      {
        "db": "PACKETSTORM",
        "id": "109373"
      },
      {
        "db": "PACKETSTORM",
        "id": "106219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "date": "2011-10-14T00:00:00",
        "db": "BID",
        "id": "50155"
      },
      {
        "date": "2011-10-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "date": "2011-10-13T09:15:38",
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "date": "2011-10-25T01:58:45",
        "db": "PACKETSTORM",
        "id": "106183"
      },
      {
        "date": "2012-01-24T04:19:22",
        "db": "PACKETSTORM",
        "id": "109005"
      },
      {
        "date": "2011-10-21T22:24:45",
        "db": "PACKETSTORM",
        "id": "106070"
      },
      {
        "date": "2012-02-03T00:18:48",
        "db": "PACKETSTORM",
        "id": "109368"
      },
      {
        "date": "2012-02-03T00:24:52",
        "db": "PACKETSTORM",
        "id": "109373"
      },
      {
        "date": "2011-10-25T22:56:07",
        "db": "PACKETSTORM",
        "id": "106219"
      },
      {
        "date": "2011-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      },
      {
        "date": "2011-10-14T10:55:10.090000",
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51201"
      },
      {
        "date": "2015-05-07T17:18:00",
        "db": "BID",
        "id": "50155"
      },
      {
        "date": "2012-04-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      },
      {
        "date": "2011-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      },
      {
        "date": "2017-08-29T01:30:07.943000",
        "db": "NVD",
        "id": "CVE-2011-3256"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "109005"
      },
      {
        "db": "PACKETSTORM",
        "id": "106070"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS of  CoreGraphics of  FreeType Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002459"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-333"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.