var-201111-0222
Vulnerability from variot
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. Apple iOS is prone to multiple memory corruption vulnerabilities. Successfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions. The following Apple systems are vulnerable: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S iOS 3.1 through 5.0 for iPod touch (3rd generation) and later iOS 3.2 through 5.0 for iPad iOS 4.3 through 5.0 for iPad 2. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3. When resolving a maliciously crafted hostname, libinfo could return an incorrect result. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of Blocket AB
Passcode Lock Available for: iOS 4.3 through 5.0 for iPad 2 Impact: A person with physical access to a locked iPad 2 may be able to access some of the user's data Description: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched. CVE-ID CVE-2011-3440
Installation note:
This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad.
The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/freetype < 2.4.8 >= 2.4.8
Description
Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All FreeType users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
References
[ 1 ] CVE-2010-1797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 [ 2 ] CVE-2010-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 [ 3 ] CVE-2010-2498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 [ 4 ] CVE-2010-2499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 [ 5 ] CVE-2010-2500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 [ 6 ] CVE-2010-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 [ 7 ] CVE-2010-2520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 [ 8 ] CVE-2010-2527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 [ 9 ] CVE-2010-2541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 [ 10 ] CVE-2010-2805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 [ 11 ] CVE-2010-2806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 [ 12 ] CVE-2010-2807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 [ 13 ] CVE-2010-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 [ 14 ] CVE-2010-3053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 [ 15 ] CVE-2010-3054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 [ 16 ] CVE-2010-3311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 [ 17 ] CVE-2010-3814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 [ 18 ] CVE-2010-3855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 [ 19 ] CVE-2011-0226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 [ 20 ] CVE-2011-3256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 [ 21 ] CVE-2011-3439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: freetype security update Advisory ID: RHSA-2011:1455-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1455.html Issue date: 2011-11-16 CVE Names: CVE-2011-3439 =====================================================================
- Summary:
Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.
Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. (CVE-2011-3439)
Note: These issues only affected the FreeType 2 font engine.
Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
753799 - CVE-2011-3439 freetype: Multiple security flaws when loading CID-keyed Type 1 fonts
- Package List:
Red Hat Enterprise Linux AS version 4:
Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm
i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm
ia64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.ia64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.ia64.rpm freetype-demos-2.1.9-21.el4.ia64.rpm freetype-devel-2.1.9-21.el4.ia64.rpm freetype-utils-2.1.9-21.el4.ia64.rpm
ppc: freetype-2.1.9-21.el4.ppc.rpm freetype-2.1.9-21.el4.ppc64.rpm freetype-debuginfo-2.1.9-21.el4.ppc.rpm freetype-debuginfo-2.1.9-21.el4.ppc64.rpm freetype-demos-2.1.9-21.el4.ppc.rpm freetype-devel-2.1.9-21.el4.ppc.rpm freetype-utils-2.1.9-21.el4.ppc.rpm
s390: freetype-2.1.9-21.el4.s390.rpm freetype-debuginfo-2.1.9-21.el4.s390.rpm freetype-demos-2.1.9-21.el4.s390.rpm freetype-devel-2.1.9-21.el4.s390.rpm freetype-utils-2.1.9-21.el4.s390.rpm
s390x: freetype-2.1.9-21.el4.s390.rpm freetype-2.1.9-21.el4.s390x.rpm freetype-debuginfo-2.1.9-21.el4.s390.rpm freetype-debuginfo-2.1.9-21.el4.s390x.rpm freetype-demos-2.1.9-21.el4.s390x.rpm freetype-devel-2.1.9-21.el4.s390x.rpm freetype-utils-2.1.9-21.el4.s390x.rpm
x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm
i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm
x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm
i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm
ia64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.ia64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.ia64.rpm freetype-demos-2.1.9-21.el4.ia64.rpm freetype-devel-2.1.9-21.el4.ia64.rpm freetype-utils-2.1.9-21.el4.ia64.rpm
x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm
i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm
ia64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.ia64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.ia64.rpm freetype-demos-2.1.9-21.el4.ia64.rpm freetype-devel-2.1.9-21.el4.ia64.rpm freetype-utils-2.1.9-21.el4.ia64.rpm
x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm
i386: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm
x86_64: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-2.2.1-28.el5_7.2.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm
i386: freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-demos-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm
x86_64: freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm freetype-demos-2.2.1-28.el5_7.2.x86_64.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm
i386: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-demos-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm
ia64: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-2.2.1-28.el5_7.2.ia64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.ia64.rpm freetype-demos-2.2.1-28.el5_7.2.ia64.rpm freetype-devel-2.2.1-28.el5_7.2.ia64.rpm
ppc: freetype-2.2.1-28.el5_7.2.ppc.rpm freetype-2.2.1-28.el5_7.2.ppc64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.ppc.rpm freetype-debuginfo-2.2.1-28.el5_7.2.ppc64.rpm freetype-demos-2.2.1-28.el5_7.2.ppc.rpm freetype-devel-2.2.1-28.el5_7.2.ppc.rpm freetype-devel-2.2.1-28.el5_7.2.ppc64.rpm
s390x: freetype-2.2.1-28.el5_7.2.s390.rpm freetype-2.2.1-28.el5_7.2.s390x.rpm freetype-debuginfo-2.2.1-28.el5_7.2.s390.rpm freetype-debuginfo-2.2.1-28.el5_7.2.s390x.rpm freetype-demos-2.2.1-28.el5_7.2.s390x.rpm freetype-devel-2.2.1-28.el5_7.2.s390.rpm freetype-devel-2.2.1-28.el5_7.2.s390x.rpm
x86_64: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-2.2.1-28.el5_7.2.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm freetype-demos-2.2.1-28.el5_7.2.x86_64.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
i386: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm
x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
i386: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-demos-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
i386: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm
ppc64: freetype-2.3.11-6.el6_1.8.ppc.rpm freetype-2.3.11-6.el6_1.8.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.ppc.rpm freetype-debuginfo-2.3.11-6.el6_1.8.ppc64.rpm freetype-devel-2.3.11-6.el6_1.8.ppc.rpm freetype-devel-2.3.11-6.el6_1.8.ppc64.rpm
s390x: freetype-2.3.11-6.el6_1.8.s390.rpm freetype-2.3.11-6.el6_1.8.s390x.rpm freetype-debuginfo-2.3.11-6.el6_1.8.s390.rpm freetype-debuginfo-2.3.11-6.el6_1.8.s390x.rpm freetype-devel-2.3.11-6.el6_1.8.s390.rpm freetype-devel-2.3.11-6.el6_1.8.s390x.rpm
x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
i386: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-demos-2.3.11-6.el6_1.8.i686.rpm
ppc64: freetype-debuginfo-2.3.11-6.el6_1.8.ppc64.rpm freetype-demos-2.3.11-6.el6_1.8.ppc64.rpm
s390x: freetype-debuginfo-2.3.11-6.el6_1.8.s390x.rpm freetype-demos-2.3.11-6.el6_1.8.s390x.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
i386: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm
x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm
i386: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-demos-2.3.11-6.el6_1.8.i686.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3439.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOxELiXlSAg2UNWIIRAmg3AJ97Gr0i8TaFnRSHpygUtgufIIvBsgCfQ/lt 9X4xr8MjwZa5fRg3cRkFSu4= =DgiA -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny8.
For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze3.
For the unstable distribution (sid), this problem has been fixed in version 2.4.8-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ========================================================================== Ubuntu Security Notice USN-1267-1 November 18, 2011
freetype vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
FreeType could be made to crash or run programs as your login if it opened a specially crafted font file. (CVE-2011-3439)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libfreetype6 2.4.4-2ubuntu1.1
Ubuntu 11.04: libfreetype6 2.4.4-1ubuntu2.2
Ubuntu 10.10: libfreetype6 2.4.2-2ubuntu0.3
Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.5
Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.7
After a standard system update you need to restart your session to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.0 to 5.0 (iphone 3gs"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "iphone 4 and iphone 4s for )"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 to 5.0 (ipod touch (3rd generation) after )"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2 to 5.0 (ipad for )"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "4.3 to 5.0 (ipad 2 for )"
},
{
"model": "ipad",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "iphone",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "ipod touch",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.1.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "hat enterprise linux eus 5.6.z server",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.1.10"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.4.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.2.10"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.3"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.4.3"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.4.5"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.11"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.1.7"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.4.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.4"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "freetype",
"scope": "ne",
"trust": 0.3,
"vendor": "freetype",
"version": "2.4.8"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.4"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.0.6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.1.9"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.5"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.2"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.9"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.1"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.0.9"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.6"
}
],
"sources": [
{
"db": "BID",
"id": "50643"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236"
},
{
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "BID",
"id": "50643"
},
{
"db": "PACKETSTORM",
"id": "106986"
}
],
"trust": 0.4
},
"cve": "CVE-2011-3439",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3439",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-51384",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3439",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-236",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-51384",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51384"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236"
},
{
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. Apple iOS is prone to multiple memory corruption vulnerabilities. \nSuccessfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions. \nThe following Apple systems are vulnerable:\niOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later\niOS 3.2 through 5.0 for iPad\niOS 4.3 through 5.0 for iPad 2. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. When accessing a maliciously crafted HTTP or HTTPS URL,\nCFNetwork could navigate to an incorrect server. DigiCert Malaysia has issued certificates with\nweak keys that it is unable to revoke. An attacker with a privileged\nnetwork position could intercept user credentials or other sensitive\ninformation intended for a site with a certificate issued by DigiCert\nMalaysia. This issue is addressed by configuring default system trust\nsettings so that DigiCert Malaysia\u0027s certificates are not trusted. We\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\nthis issue. This issue may lead to a bypass\nof codesigning checks. This issue does not affect devices running\niOS prior to version 4.3. When resolving a maliciously crafted hostname, libinfo could\nreturn an incorrect result. \nCVE-ID\nCVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of\nBlocket AB\n\nPasscode Lock\nAvailable for: iOS 4.3 through 5.0 for iPad 2\nImpact: A person with physical access to a locked iPad 2 may be able\nto access some of the user\u0027s data\nDescription: When a Smart Cover is opened while iPad 2 is confirming\npower off in the locked state, the iPad does not request a passcode. \nThis allows some access to the iPad, but data protected by Data\nProtection is inaccessible and apps cannot be launched. \nCVE-ID\nCVE-2011-3440\n\nInstallation note:\n\nThis update is only available through iTunes, and will not appear\nin your computer\u0027s Software Update application, or in the Apple\nDownloads site. Make sure you have an Internet connection and have\ninstalled the latest version of iTunes from www.apple.com/itunes/\n\niTunes will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it will download it. When\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\nuser with the option to install the update. We recommend applying\nthe update immediately if possible. Selecting Don\u0027t Install will\npresent the option the next time you connect your iPhone, iPod touch,\nor iPad. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes checks for updates. You may manually obtain the\nupdate via the Check for Updates button within iTunes. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/freetype \u003c 2.4.8 \u003e= 2.4.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in FreeType. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/freetype-2.4.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797\n[ 2 ] CVE-2010-2497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497\n[ 3 ] CVE-2010-2498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498\n[ 4 ] CVE-2010-2499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499\n[ 5 ] CVE-2010-2500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500\n[ 6 ] CVE-2010-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519\n[ 7 ] CVE-2010-2520\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520\n[ 8 ] CVE-2010-2527\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527\n[ 9 ] CVE-2010-2541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541\n[ 10 ] CVE-2010-2805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805\n[ 11 ] CVE-2010-2806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806\n[ 12 ] CVE-2010-2807\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807\n[ 13 ] CVE-2010-2808\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808\n[ 14 ] CVE-2010-3053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053\n[ 15 ] CVE-2010-3054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054\n[ 16 ] CVE-2010-3311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311\n[ 17 ] CVE-2010-3814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814\n[ 18 ] CVE-2010-3855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855\n[ 19 ] CVE-2011-0226\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226\n[ 20 ] CVE-2011-3256\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256\n[ 21 ] CVE-2011-3439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201201-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: freetype security update\nAdvisory ID: RHSA-2011:1455-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1455.html\nIssue date: 2011-11-16\nCVE Names: CVE-2011-3439 \n=====================================================================\n\n1. Summary:\n\nUpdated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop version 4 - i386, x86_64\nRed Hat Enterprise Linux ES version 4 - i386, ia64, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux WS version 4 - i386, ia64, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. \n\nMultiple input validation flaws were found in the way FreeType processed\nCID-keyed fonts. (CVE-2011-3439)\n\nNote: These issues only affected the FreeType 2 font engine. \n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n753799 - CVE-2011-3439 freetype: Multiple security flaws when loading CID-keyed Type 1 fonts\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm\n\ni386:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-demos-2.1.9-21.el4.i386.rpm\nfreetype-devel-2.1.9-21.el4.i386.rpm\nfreetype-utils-2.1.9-21.el4.i386.rpm\n\nia64:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-2.1.9-21.el4.ia64.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.ia64.rpm\nfreetype-demos-2.1.9-21.el4.ia64.rpm\nfreetype-devel-2.1.9-21.el4.ia64.rpm\nfreetype-utils-2.1.9-21.el4.ia64.rpm\n\nppc:\nfreetype-2.1.9-21.el4.ppc.rpm\nfreetype-2.1.9-21.el4.ppc64.rpm\nfreetype-debuginfo-2.1.9-21.el4.ppc.rpm\nfreetype-debuginfo-2.1.9-21.el4.ppc64.rpm\nfreetype-demos-2.1.9-21.el4.ppc.rpm\nfreetype-devel-2.1.9-21.el4.ppc.rpm\nfreetype-utils-2.1.9-21.el4.ppc.rpm\n\ns390:\nfreetype-2.1.9-21.el4.s390.rpm\nfreetype-debuginfo-2.1.9-21.el4.s390.rpm\nfreetype-demos-2.1.9-21.el4.s390.rpm\nfreetype-devel-2.1.9-21.el4.s390.rpm\nfreetype-utils-2.1.9-21.el4.s390.rpm\n\ns390x:\nfreetype-2.1.9-21.el4.s390.rpm\nfreetype-2.1.9-21.el4.s390x.rpm\nfreetype-debuginfo-2.1.9-21.el4.s390.rpm\nfreetype-debuginfo-2.1.9-21.el4.s390x.rpm\nfreetype-demos-2.1.9-21.el4.s390x.rpm\nfreetype-devel-2.1.9-21.el4.s390x.rpm\nfreetype-utils-2.1.9-21.el4.s390x.rpm\n\nx86_64:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-2.1.9-21.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.x86_64.rpm\nfreetype-demos-2.1.9-21.el4.x86_64.rpm\nfreetype-devel-2.1.9-21.el4.x86_64.rpm\nfreetype-utils-2.1.9-21.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm\n\ni386:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-demos-2.1.9-21.el4.i386.rpm\nfreetype-devel-2.1.9-21.el4.i386.rpm\nfreetype-utils-2.1.9-21.el4.i386.rpm\n\nx86_64:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-2.1.9-21.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.x86_64.rpm\nfreetype-demos-2.1.9-21.el4.x86_64.rpm\nfreetype-devel-2.1.9-21.el4.x86_64.rpm\nfreetype-utils-2.1.9-21.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm\n\ni386:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-demos-2.1.9-21.el4.i386.rpm\nfreetype-devel-2.1.9-21.el4.i386.rpm\nfreetype-utils-2.1.9-21.el4.i386.rpm\n\nia64:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-2.1.9-21.el4.ia64.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.ia64.rpm\nfreetype-demos-2.1.9-21.el4.ia64.rpm\nfreetype-devel-2.1.9-21.el4.ia64.rpm\nfreetype-utils-2.1.9-21.el4.ia64.rpm\n\nx86_64:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-2.1.9-21.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.x86_64.rpm\nfreetype-demos-2.1.9-21.el4.x86_64.rpm\nfreetype-devel-2.1.9-21.el4.x86_64.rpm\nfreetype-utils-2.1.9-21.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4:\n\nSource:\nftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm\n\ni386:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-demos-2.1.9-21.el4.i386.rpm\nfreetype-devel-2.1.9-21.el4.i386.rpm\nfreetype-utils-2.1.9-21.el4.i386.rpm\n\nia64:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-2.1.9-21.el4.ia64.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.ia64.rpm\nfreetype-demos-2.1.9-21.el4.ia64.rpm\nfreetype-devel-2.1.9-21.el4.ia64.rpm\nfreetype-utils-2.1.9-21.el4.ia64.rpm\n\nx86_64:\nfreetype-2.1.9-21.el4.i386.rpm\nfreetype-2.1.9-21.el4.x86_64.rpm\nfreetype-debuginfo-2.1.9-21.el4.i386.rpm\nfreetype-debuginfo-2.1.9-21.el4.x86_64.rpm\nfreetype-demos-2.1.9-21.el4.x86_64.rpm\nfreetype-devel-2.1.9-21.el4.x86_64.rpm\nfreetype-utils-2.1.9-21.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm\n\ni386:\nfreetype-2.2.1-28.el5_7.2.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm\n\nx86_64:\nfreetype-2.2.1-28.el5_7.2.i386.rpm\nfreetype-2.2.1-28.el5_7.2.x86_64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm\n\ni386:\nfreetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm\nfreetype-demos-2.2.1-28.el5_7.2.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.2.i386.rpm\n\nx86_64:\nfreetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm\nfreetype-demos-2.2.1-28.el5_7.2.x86_64.rpm\nfreetype-devel-2.2.1-28.el5_7.2.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm\n\ni386:\nfreetype-2.2.1-28.el5_7.2.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm\nfreetype-demos-2.2.1-28.el5_7.2.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.2.i386.rpm\n\nia64:\nfreetype-2.2.1-28.el5_7.2.i386.rpm\nfreetype-2.2.1-28.el5_7.2.ia64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.ia64.rpm\nfreetype-demos-2.2.1-28.el5_7.2.ia64.rpm\nfreetype-devel-2.2.1-28.el5_7.2.ia64.rpm\n\nppc:\nfreetype-2.2.1-28.el5_7.2.ppc.rpm\nfreetype-2.2.1-28.el5_7.2.ppc64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.ppc.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.ppc64.rpm\nfreetype-demos-2.2.1-28.el5_7.2.ppc.rpm\nfreetype-devel-2.2.1-28.el5_7.2.ppc.rpm\nfreetype-devel-2.2.1-28.el5_7.2.ppc64.rpm\n\ns390x:\nfreetype-2.2.1-28.el5_7.2.s390.rpm\nfreetype-2.2.1-28.el5_7.2.s390x.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.s390.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.s390x.rpm\nfreetype-demos-2.2.1-28.el5_7.2.s390x.rpm\nfreetype-devel-2.2.1-28.el5_7.2.s390.rpm\nfreetype-devel-2.2.1-28.el5_7.2.s390x.rpm\n\nx86_64:\nfreetype-2.2.1-28.el5_7.2.i386.rpm\nfreetype-2.2.1-28.el5_7.2.x86_64.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm\nfreetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm\nfreetype-demos-2.2.1-28.el5_7.2.x86_64.rpm\nfreetype-devel-2.2.1-28.el5_7.2.i386.rpm\nfreetype-devel-2.2.1-28.el5_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.8.i686.rpm\nfreetype-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.8.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.8.i686.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.8.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.8.i686.rpm\nfreetype-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.8.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.8.i686.rpm\n\nppc64:\nfreetype-2.3.11-6.el6_1.8.ppc.rpm\nfreetype-2.3.11-6.el6_1.8.ppc64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.ppc.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.ppc64.rpm\nfreetype-devel-2.3.11-6.el6_1.8.ppc.rpm\nfreetype-devel-2.3.11-6.el6_1.8.ppc64.rpm\n\ns390x:\nfreetype-2.3.11-6.el6_1.8.s390.rpm\nfreetype-2.3.11-6.el6_1.8.s390x.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.s390.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.s390x.rpm\nfreetype-devel-2.3.11-6.el6_1.8.s390.rpm\nfreetype-devel-2.3.11-6.el6_1.8.s390x.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.8.i686.rpm\nfreetype-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.8.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.8.i686.rpm\n\nppc64:\nfreetype-debuginfo-2.3.11-6.el6_1.8.ppc64.rpm\nfreetype-demos-2.3.11-6.el6_1.8.ppc64.rpm\n\ns390x:\nfreetype-debuginfo-2.3.11-6.el6_1.8.s390x.rpm\nfreetype-demos-2.3.11-6.el6_1.8.s390x.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.8.i686.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.8.i686.rpm\nfreetype-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.8.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.8.i686.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3439.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOxELiXlSAg2UNWIIRAmg3AJ97Gr0i8TaFnRSHpygUtgufIIvBsgCfQ/lt\n9X4xr8MjwZa5fRg3cRkFSu4=\n=DgiA\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny8. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze3. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.8-1. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ==========================================================================\nUbuntu Security Notice USN-1267-1\nNovember 18, 2011\n\nfreetype vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nFreeType could be made to crash or run programs as your login if it\nopened a specially crafted font file. (CVE-2011-3439)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n libfreetype6 2.4.4-2ubuntu1.1\n\nUbuntu 11.04:\n libfreetype6 2.4.4-1ubuntu2.2\n\nUbuntu 10.10:\n libfreetype6 2.4.2-2ubuntu0.3\n\nUbuntu 10.04 LTS:\n libfreetype6 2.3.11-1ubuntu2.5\n\nUbuntu 8.04 LTS:\n libfreetype6 2.3.5-1ubuntu4.8.04.7\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3439"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "BID",
"id": "50643"
},
{
"db": "VULHUB",
"id": "VHN-51384"
},
{
"db": "PACKETSTORM",
"id": "106986"
},
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "109368"
},
{
"db": "PACKETSTORM",
"id": "107049"
},
{
"db": "PACKETSTORM",
"id": "107200"
},
{
"db": "PACKETSTORM",
"id": "107171"
},
{
"db": "PACKETSTORM",
"id": "107115"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3439",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "46921",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "48951",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236",
"trust": 0.7
},
{
"db": "BID",
"id": "50643",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "107200",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107049",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107171",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-51384",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106986",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109005",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109368",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107115",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51384"
},
{
"db": "BID",
"id": "50643"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "PACKETSTORM",
"id": "106986"
},
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "109368"
},
{
"db": "PACKETSTORM",
"id": "107049"
},
{
"db": "PACKETSTORM",
"id": "107200"
},
{
"db": "PACKETSTORM",
"id": "107171"
},
{
"db": "PACKETSTORM",
"id": "107115"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236"
},
{
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"id": "VAR-201111-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-51384"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:45:03.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5052",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5052"
},
{
"title": "CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of"
},
{
"title": "Apple iOS \u2018CoreGraphics\u2019 Fixes for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98683"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51384"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2011/nov/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5052"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/46921"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48951"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3439"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu988283"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3439"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3439"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of"
},
{
"trust": 0.3,
"url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.8/readme/view"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100154005"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3256"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3439.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3246"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2807"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2520"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2805"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3439"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0226"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2520"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2519"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2499"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2527"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2806"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201201-09.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3054"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2497"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2806"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3256"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2499"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1797"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2807"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3256.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0094.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1455.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1267-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/freetype/2.3.5-1ubuntu4.8.04.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/freetype/2.3.11-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/freetype/2.4.4-2ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51384"
},
{
"db": "BID",
"id": "50643"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "PACKETSTORM",
"id": "106986"
},
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "109368"
},
{
"db": "PACKETSTORM",
"id": "107049"
},
{
"db": "PACKETSTORM",
"id": "107200"
},
{
"db": "PACKETSTORM",
"id": "107171"
},
{
"db": "PACKETSTORM",
"id": "107115"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236"
},
{
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-51384"
},
{
"db": "BID",
"id": "50643"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"db": "PACKETSTORM",
"id": "106986"
},
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "109368"
},
{
"db": "PACKETSTORM",
"id": "107049"
},
{
"db": "PACKETSTORM",
"id": "107200"
},
{
"db": "PACKETSTORM",
"id": "107171"
},
{
"db": "PACKETSTORM",
"id": "107115"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236"
},
{
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-11T00:00:00",
"db": "VULHUB",
"id": "VHN-51384"
},
{
"date": "2011-11-10T00:00:00",
"db": "BID",
"id": "50643"
},
{
"date": "2011-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"date": "2011-11-15T05:08:20",
"db": "PACKETSTORM",
"id": "106986"
},
{
"date": "2012-01-24T04:19:22",
"db": "PACKETSTORM",
"id": "109005"
},
{
"date": "2012-02-03T00:18:48",
"db": "PACKETSTORM",
"id": "109368"
},
{
"date": "2011-11-17T02:27:33",
"db": "PACKETSTORM",
"id": "107049"
},
{
"date": "2011-11-22T01:13:45",
"db": "PACKETSTORM",
"id": "107200"
},
{
"date": "2011-11-21T01:26:46",
"db": "PACKETSTORM",
"id": "107171"
},
{
"date": "2011-11-18T16:44:18",
"db": "PACKETSTORM",
"id": "107115"
},
{
"date": "2011-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-236"
},
{
"date": "2011-11-11T18:55:01.193000",
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-51384"
},
{
"date": "2015-04-13T21:19:00",
"db": "BID",
"id": "50643"
},
{
"date": "2012-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002837"
},
{
"date": "2021-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-236"
},
{
"date": "2021-06-22T14:37:34.237000",
"db": "NVD",
"id": "CVE-2011-3439"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "107200"
},
{
"db": "PACKETSTORM",
"id": "107115"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-236"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS of FreeType Vulnerabilities in arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002837"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "109368"
},
{
"db": "PACKETSTORM",
"id": "107049"
},
{
"db": "PACKETSTORM",
"id": "107200"
},
{
"db": "PACKETSTORM",
"id": "107171"
},
{
"db": "PACKETSTORM",
"id": "107115"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.