Debian Security Advisory DSA 1390-1 (t1lib) Network Vulnerability

Summary

The remote host is missing an update to t1lib announced via advisory DSA 1390-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201390-1

Insight

Hamid Ebadi has discovered a buffer overflow the intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer library. This flaw could allow an attacker to crash and application using the t1lib shared libraries, and potentially execute arbitrary code within such an application's security context. For the stable distribution (etch), this problem has been fixed in version 5.1.0-2etch1 For the old stable distribution (sarge), this problem has been fixed in version 5.0.2-3sarge1 We recommend that you upgrade your t1lib package.

Severity

Classification

CVE CVE-2007-4033
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1015-1 (sendmail)
Debian Security Advisory DSA 018-1 (tinyproxy)
Debian Security Advisory DSA 100-1 (gzip)
Debian Security Advisory DSA 1052-1 (cgiirc)
Debian Security Advisory DSA 076-1 (most)

Take action and discover your vulnerabilities