Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-220.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.6%

JSON

Specially crafted font files could cause buffer overflows in freetype

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-220.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74597);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-1126", "CVE-2012-1127", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1130", "CVE-2012-1131", "CVE-2012-1132", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1135", "CVE-2012-1136", "CVE-2012-1137", "CVE-2012-1138", "CVE-2012-1139", "CVE-2012-1140", "CVE-2012-1141", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1144");

  script_name(english:"openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)");
  script_summary(english:"Check for the openSUSE-2012-220 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:"Specially crafted font files could cause buffer overflows in freetype"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-04/msg00029.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected freetype2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"freetype2-debugsource-2.4.7-6.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"freetype2-devel-2.4.7-6.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libfreetype6-2.4.7-6.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libfreetype6-debuginfo-2.4.7-6.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"freetype2-devel-32bit-2.4.7-6.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreetype6-32bit-2.4.7-6.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libfreetype6-debuginfo-32bit-2.4.7-6.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc");
}
VendorProductVersionCPE
novellopensusefreetype2-devel-32bitp-cpe:/a:novell:opensuse:freetype2-devel-32bit
novellopensuselibfreetype6p-cpe:/a:novell:opensuse:libfreetype6
novellopensuselibfreetype6-32bitp-cpe:/a:novell:opensuse:libfreetype6-32bit
novellopensuselibfreetype6-debuginfop-cpe:/a:novell:opensuse:libfreetype6-debuginfo
novellopensusefreetype2-debugsourcep-cpe:/a:novell:opensuse:freetype2-debugsource
novellopensusefreetype2-develp-cpe:/a:novell:opensuse:freetype2-devel
novellopensuselibfreetype6-debuginfo-32bitp-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit
novellopensuse12.1cpe:/o:novell:opensuse:12.1

References

Related

nessus 16
openvas 29
mozilla 1
gentoo 1
suse 6
ubuntu 1
redhat 1
freebsd 2
oraclelinux 1
centos 1
securityvulns 5
debian 1
slackware 1
amazon 1
nvd 19
ubuntucve 19
prion 19
veracode 14
cve 19
cvelist 19
debiancve 19
nessus
nessus
GLSA-201204-04 : FreeType: Multiple vulnerabilities
2012-06-21 00:00:00
Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)
2015-01-19 00:00:00
SuSE 10 Security Update : freetype2 (ZYPP Patch Number 8039)
2012-04-12 00:00:00
openvas
openvas
FreeBSD Ports: freetype2
2012-04-30 00:00:00
Gentoo Security Advisory GLSA 201204-04 (FreeType)
2012-04-30 00:00:00
SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)
2012-12-13 00:00:00
mozilla
mozilla
Multiple security flaws fixed in FreeType v2.4.9 — Mozilla
2012-04-24 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-04-17 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-11 21:08:19
freetype2 update (important)
2012-04-12 10:09:06
Security update for freetype2 (important)
2012-04-18 18:08:39
ubuntu
ubuntu
FreeType vulnerabilities
2012-03-23 00:00:00
redhat
redhat
(RHSA-2012:0467) Important: freetype security update
2012-04-10 00:00:00
freebsd
freebsd
freetype -- multiple vulnerabilities
2012-03-08 00:00:00
mozilla -- multiple vulnerabilities
2012-04-24 00:00:00
oraclelinux
oraclelinux
freetype security update
2012-04-10 00:00:00
centos
centos
freetype security update
2012-04-10 21:09:43
securityvulns
securityvulns
FreeType multiple security vulnerabilitiles
2012-03-09 00:00:00
[SECURITY] [DSA 2428-1] freetype security update
2012-03-09 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-05-09 00:00:00
debian
debian
[SECURITY] [DSA 2428-1] freetype security update
2012-03-08 20:48:00
slackware
slackware
[slackware-security] freetype
2012-06-25 15:27:37
amazon
amazon
Important: freetype
2012-04-30 14:46:00
nvd
nvd
CVE-2012-1136
2012-04-25 10:10:18
CVE-2012-1135
2012-04-25 10:10:18
CVE-2012-1134
2012-04-25 10:10:18
ubuntucve
ubuntucve
CVE-2012-1142
2012-03-07 00:00:00
CVE-2012-1136
2012-03-07 00:00:00
CVE-2012-1131
2012-03-07 00:00:00
prion
prion
Memory corruption
2012-04-25 10:10:00
Memory corruption
2012-04-25 10:10:00
Memory corruption
2012-04-25 10:10:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:33
Denial Of Service (DoS)
2020-04-10 01:09:35
Arbitrary Code Execution
2020-04-10 01:09:33
cve
cve
CVE-2012-1141
2012-04-25 10:10:18
CVE-2012-1132
2012-04-25 10:10:18
CVE-2012-1143
2012-04-25 10:10:18
cvelist
cvelist
CVE-2012-1132
2012-04-25 10:00:00
CVE-2012-1131
2012-04-25 10:00:00
CVE-2012-1138
2012-04-25 10:00:00
debiancve
debiancve
CVE-2012-1134
2012-04-25 10:10:18
CVE-2012-1136
2012-04-25 10:10:18
CVE-2012-1133
2012-04-25 10:10:18

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.6%

JSON
Related for OPENSUSE-2012-220.NASL
nessus16openvas29mozilla1gentoo1suse6ubuntu1redhat1freebsd2oraclelinux1centos1securityvulns5debian1slackware1amazon1nvd19ubuntucve19prion19veracode14cve19cvelist19debiancve19