Vulnerabilità: CVE-2006-3467

Integer overflow in FreeType prima 2.2 consente agli aggressori remoti di causare un denial of service (crash) ed eventualmente eseguire codice arbitrario attraverso un file PCF artigianale, come dimostrato dal file di test della Red Hat bad1.pcf, a causa di una correzione parziale di CVE-2006 -1861.


http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://www.securityfocus.com/archive/1/444318/100/0/threaded
http://www.securityfocus.com/archive/1/451419/100/200/threaded
http://www.securityfocus.com/archive/1/451404/100/0/threaded
http://www.securityfocus.com/archive/1/451417/100/200/threaded
http://www.securityfocus.com/archive/1/451426/100/200/threaded
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-186.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-284.htm
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
http://www.debian.org/security/2006/dsa-1178
http://www.debian.org/security/2006/dsa-1193
http://security.gentoo.org/glsa/glsa-200609-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:129
http://www.mandriva.com/security/advisories?name=MDKSA-2006:148
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10673
http://www.redhat.com/support/errata/RHSA-2006-0500.html
http://www.redhat.com/support/errata/RHSA-2006-0634.html
http://www.redhat.com/support/errata/RHSA-2006-0635.html
http://securitytracker.com/id?1016522
http://secunia.com/advisories/21062
http://secunia.com/advisories/21135
http://secunia.com/advisories/21144
http://secunia.com/advisories/21232
http://secunia.com/advisories/21285
http://secunia.com/advisories/21566
http://secunia.com/advisories/21567
http://secunia.com/advisories/21606
http://secunia.com/advisories/21626
http://secunia.com/advisories/21701
http://secunia.com/advisories/21793
http://secunia.com/advisories/21798
http://secunia.com/advisories/21836
http://secunia.com/advisories/22027
http://secunia.com/advisories/22332
http://secunia.com/advisories/22875
http://secunia.com/advisories/22907
http://secunia.com/advisories/23400
http://secunia.com/advisories/23939
http://secunia.com/advisories/27271
http://secunia.com/advisories/33937
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.trustix.org/errata/2006/0052/
http://www.ubuntu.com/usn/usn-324-1
http://www.ubuntu.com/usn/usn-341-1
http://www.vupen.com/english/advisories/2006/4502
http://www.vupen.com/english/advisories/2006/4522
http://www.vupen.com/english/advisories/2007/0381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi