Vulnerability CVE-2007-1351 - CERT Civis.Net

Vulnerability Name:

CVE-2007-1351 (CCN-33417)

Assigned:

2007-04-03

Published:

2007-04-03

Updated:

2018-10-16

Summary:

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVSS v3 Severity:

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
4.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2007-1351

Source: MITRE
Type: CNA
CVE-2007-3408

Source: CCN
Type: Apple Web site
About the security content of Safari 3 Beta Update 3.0.4

Source: CONFIRM
Type: UNKNOWN
http://issues.foresightlinux.org/browse/FL-223

Source: IDEFENSE
Type: Patch
20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-11-14

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-02-12

Source: MLIST
Type: UNKNOWN
[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont

Source: CCN
Type: RHSA-2007-0125
Important: XFree86 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0125

Source: CCN
Type: RHSA-2007-0126
Important: xorg-x11 security update

Source: CCN
Type: RHSA-2007-0132
Important: libXfont security update

Source: CCN
Type: RHSA-2007-0150
Moderate: freetype security update

Source: CCN
Type: SA24741
X.Org X11 Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
24741

Source: SECUNIA
Type: UNKNOWN
24745

Source: SECUNIA
Type: UNKNOWN
24756

Source: CCN
Type: SA24758
XFree86 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24758

Source: SECUNIA
Type: UNKNOWN
24765

Source: CCN
Type: SA24768
FreeType BDF Font Integer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
24768

Source: SECUNIA
Type: Vendor Advisory
24770

Source: SECUNIA
Type: UNKNOWN
24771

Source: SECUNIA
Type: UNKNOWN
24772

Source: SECUNIA
Type: UNKNOWN
24776

Source: SECUNIA
Type: UNKNOWN
24791

Source: SECUNIA
Type: UNKNOWN
24885

Source: SECUNIA
Type: UNKNOWN
24889

Source: SECUNIA
Type: UNKNOWN
24921

Source: SECUNIA
Type: UNKNOWN
24996

Source: SECUNIA
Type: UNKNOWN
25004

Source: CCN
Type: SA25006
Sun Solaris X11 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25006

Source: SECUNIA
Type: UNKNOWN
25096

Source: SECUNIA
Type: UNKNOWN
25195

Source: CCN
Type: SA25216
Avaya CMS / IR X.Org X11 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25216

Source: SECUNIA
Type: UNKNOWN
25305

Source: CCN
Type: SA25495
Avaya Products FreeType BDF Font Integer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
25495

Source: CCN
Type: SA25810
Dia FreeType Font Parsing Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28333

Source: CCN
Type: SA30161
Gentoo ltsp Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30161

Source: CCN
Type: SA33937
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33937

Source: GENTOO
Type: UNKNOWN
GLSA-200705-02

Source: GENTOO
Type: UNKNOWN
GLSA-200705-10

Source: CCN
Type: SECTRACK ID: 1017857
X11 Overflows Let Local Users Gain Root Privileges

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-109-01

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=498954

Source: CCN
Type: SourceForge.net: Files
dia Win32 Installer - File Release Notes and Changelog - Release Name: 0.96.1-6

Source: CCN
Type: Sun Alert ID: 102886
Multiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)

Source: SUNALERT
Type: UNKNOWN
102886

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3438

Source: CCN
Type: ASA-2007-141
xorg-x11 security update (RHSA-2007-0126)

Source: CCN
Type: ASA-2007-167
XFree86 security update (RHSA-2007-0125)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm

Source: CCN
Type: ASA-2007-178
Multiple vulnerabilities in libfreetype Xsun(1)sand Xorg(1) (Sun 102886)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm

Source: CCN
Type: ASA-2007-193
freetype security update (RHSA-2007-0150)

Source: DEBIAN
Type: UNKNOWN
DSA-1294

Source: DEBIAN
Type: UNKNOWN
DSA-1454

Source: DEBIAN
Type: DSA-1294
xfree86 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1454
freetype -- integer overflow

Source: CCN
Type: GLSA-200705-02
FreeType: User-assisted execution of arbitrary code

Source: CCN
Type: GLSA-200705-10
LibXfont, TightVNC: Multiple vulnerabilities

Source: CCN
Type: GLSA-200805-07
Linux Terminal Server Project: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200805-07

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:079

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:080

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:081

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:027

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:006

Source: OPENBSD
Type: UNKNOWN
[3.9] 021: SECURITY FIX: April 4, 2007

Source: OPENBSD
Type: UNKNOWN
[4.0] 011: SECURITY FIX: April 4, 2007

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0126

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0132

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0150

Source: BUGTRAQ
Type: UNKNOWN
20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs

Source: BUGTRAQ
Type: UNKNOWN
20070405 FLEA-2007-0009-1: xorg-x11 freetype

Source: BID
Type: Patch
23283

Source: CCN
Type: BID-23283
X.Org LibXFont Multiple Local Integer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
23300

Source: CCN
Type: BID-23300
ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
23402

Source: CCN
Type: BID-23402
RETIRED: Freetype Font Files Integer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017857

Source: TRUSTIX
Type: UNKNOWN
2007-0013

Source: CCN
Type: TLSA-2007-26
Multiple vulnerabilities in xorg-x11

Source: CCN
Type: USN-448-1
X.org vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-448-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-1217

Source: VUPEN
Type: UNKNOWN
ADV-2007-1264

Source: VUPEN
Type: UNKNOWN
ADV-2007-1548

Source: CCN
Type: X.Org Foundation Web site
X.Org Wiki - Home

Source: XF
Type: UNKNOWN
xorg-bdf-font-bo(33417)

Source: XF
Type: UNKNOWN
xorg-bdf-font-bo(33417)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1213

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 04.03.07
Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11266

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1810

Source: SUSE
Type: SUSE-SA:2007:027
XFree86Xorg security problems

Source: SUSE
Type: SUSE-SR:2007:006
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*

Configuration 2:

cpe:/a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*

OR cpe:/a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*

OR cpe:/a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:rpath:rpath_linux:1:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

Configuration 5:

cpe:/o:openbsd:openbsd:3.9:*:*:*:*:*:*:*

OR cpe:/o:openbsd:openbsd:4.0:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

AND

cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:x:x.org_x11:7.1:*:*:*:*:*:*:*

AND

cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*

OR cpe:/a:avaya:message_networking:-:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42306	P	Security update for openssl-1_1 (Moderate)	2022-07-04
oval:org.opensuse.security:def:20071351	V	CVE-2007-1351	2022-06-30
oval:org.opensuse.security:def:112255	P	freetype2-devel-2.11.0-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26225	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:31327	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:31326	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:26181	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:33053	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:26167	P	Security update for php72 (Moderate)	2021-11-19
oval:org.opensuse.security:def:26158	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:32205	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:105782	P	freetype2-devel-2.11.0-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:32186	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31683	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:31682	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:26128	P	Security update for postgresql13 (Moderate)	2021-09-16
oval:org.opensuse.security:def:31681	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:31676	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31254	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31255	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:26104	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:42108	P	Security update for the Linux Kernel (Important)	2021-08-05
oval:org.opensuse.security:def:31234	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:31235	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:42107	P	Security update for qemu (Important)	2021-07-27
oval:org.opensuse.security:def:32142	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:26079	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:42536	P	freetype2-2.3.7-25.35.36.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36129	P	freetype2-2.3.7-25.35.36.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36405	P	freetype2-devel-2.3.7-25.35.36.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31181	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:31627	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:31622	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:31623	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:31170	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:31169	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:31168	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:32081	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:31607	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:26026	P	Security update for cifs-utils (Moderate)	2021-04-13
oval:org.opensuse.security:def:26027	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:26028	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:31367	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:31366	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:33092	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:31732	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:31733	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:32261	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:31731	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:32120	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:26030	P	Security update for php72 (Moderate)	2021-01-14
oval:org.opensuse.security:def:31626	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:31102	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:25984	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:25983	P	Security update for openexr (Moderate)	2020-12-23
oval:org.opensuse.security:def:32824	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:35701	P	ft2demos-2.3.7-25.9 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41955	P	freetype2-2.3.7-25.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25969	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:35548	P	freetype2-2.3.7-25.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35899	P	freetype2-2.3.7-25.32.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41956	P	ft2demos-2.3.7-25.9 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35549	P	ft2demos-2.3.7-25.9 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35700	P	freetype2-2.3.7-25.28.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25966	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:31017	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25754	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:25818	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31837	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25100	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:31378	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25734	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32049	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:32513	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25461	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:31387	P	Security update for openvpn-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25778	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26686	P	dhcpcd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26548	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25456	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:31535	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26584	P	libdrm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32349	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:27368	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31595	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25593	P	Security update for openvpn (Moderate)	2020-12-01
oval:org.opensuse.security:def:31976	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:26396	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32415	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:25678	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:25327	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26454	P	Security update for python-Jinja2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32863	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31029	P	Security update for java-1_7_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25385	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:31945	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:26898	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25112	P	Security update for ovmf (Important)	2020-12-01
oval:org.opensuse.security:def:25526	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31835	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32627	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25679	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:25303	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26296	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25881	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31922	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:26666	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31905	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:31988	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25251	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25963	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:25676	P	Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32514	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25690	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:31584	P	Security update for tcpdump	2020-12-01
oval:org.opensuse.security:def:26380	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:25779	P	Security update for the SUSE Linux Enterprise 12 kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31792	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26549	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25653	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31536	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25831	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32474	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25101	P	Security update for procps (Important)	2020-12-01
oval:org.opensuse.security:def:25594	P	Security update for targetcli-fb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26672	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26513	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25954	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25328	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31478	P	Security update for puppet (Moderate)	2020-12-01
oval:org.opensuse.security:def:26255	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32310	P	Security update for quagga (Low)	2020-12-01
oval:org.opensuse.security:def:26730	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25536	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26357	P	Security update for enigmail (Important)	2020-12-01
oval:org.opensuse.security:def:27127	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25263	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25677	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:32032	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25955	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:25304	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31383	P	Security update for openvpn (Important)	2020-12-01
oval:org.opensuse.security:def:31923	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:26863	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25441	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31778	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31989	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25252	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:25175	P	Security update for libssh (Important)	2020-12-01
oval:org.opensuse.security:def:26239	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25828	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31883	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32665	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31813	P	Security update for apache2-mod_jk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31470	P	Security update for ppp	2020-12-01
oval:org.opensuse.security:def:25930	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:31793	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26700	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31596	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25882	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:25832	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32475	P	Security update for xscreensaver (Moderate)	2020-12-01
oval:org.opensuse.security:def:25253	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:31452	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:25791	P	Security update for kernel-source (Moderate)	2020-12-01
oval:org.opensuse.security:def:25729	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:31770	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:26514	P	LibVNCServer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31016	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25525	P	Security update for ruby2.1 (Important)	2020-12-01
oval:org.opensuse.security:def:31479	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26531	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25817	P	Security update for pidgin-otr (Important)	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25099	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:25537	P	Security update for gnuplot (Moderate)	2020-12-01
oval:org.opensuse.security:def:31820	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:26633	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32371	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:27403	P	freetype2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25264	P	Security update for memcached (Moderate)	2020-12-01
oval:org.opensuse.security:def:31386	P	Security update for openvpn-openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:25875	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26410	P	Security update for freexl (Important)	2020-12-01
oval:org.opensuse.security:def:31018	P	Security update for java-1_7_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25455	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:31384	P	Security update for openvpn (Important)	2020-12-01
oval:org.opensuse.security:def:26308	P	Security update for python modules (Low)	2020-12-01
oval:org.opensuse.security:def:27092	P	binutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31103	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:25442	P	Security update for libcaca (Moderate)	2020-12-01
oval:org.opensuse.security:def:31779	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25449	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25176	P	Security update for dpdk (Important)	2020-12-01
oval:org.opensuse.security:def:25829	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31884	P	Security update for dosfstools (Moderate)	2020-12-01
oval:org.opensuse.security:def:32666	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31028	P	Security update for java-1_7_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25384	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31471	P	Security update for ppp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25931	P	Security update for libcares2 (Low)	2020-12-01
oval:org.opensuse.security:def:31944	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26701	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25111	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31962	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:31834	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32626	P	OpenEXR on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25450	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:26020	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:25730	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:31771	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26665	P	acpid on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:8204	P	DSA-1454 freetype -- integer overflow	2014-06-23
oval:org.mitre.oval:def:20063	P	DSA-1454-1 freetype - arbitrary code execution	2014-06-23
oval:org.mitre.oval:def:22675	P	ELSA-2007:0132: libXfont security update (Important)	2014-05-26
oval:org.mitre.oval:def:21782	P	ELSA-2007:0150: freetype security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:11266	V	Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.	2013-04-29
oval:com.redhat.rhsa:def:20070125	P	RHSA-2007:0125: XFree86 security update (Important)	2008-03-20
oval:com.redhat.rhsa:def:20070126	P	RHSA-2007:0126: xorg-x11 security update (Important)	2008-03-20
oval:org.debian:def:1454	V	integer overflow	2008-01-07
oval:org.mitre.oval:def:1810	V	Multiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)	2007-09-06
oval:org.debian:def:1294	V	several vulnerabilities	2007-05-17
oval:com.redhat.rhsa:def:20070150	P	RHSA-2007:0150: freetype security update (Moderate)	2007-04-16
oval:com.redhat.rhsa:def:20070132	P	RHSA-2007:0132: libXfont security update (Important)	2007-04-03