
First Detected: 09/02/2021 at 11:01:52 PM (GMT+0100)

Last Detected: 11/02/2021 at 09:54:24 PM (GMT+0100)


Times Detected: 11
Last Fixed: N/A

CVSS Environment:
Asset Group: -
Collateral Damage Potential: -
Target Distribution: -
Confidentiality Requirement: -
Integrity Requirement: -
Availability Requirement: -

THREAT:
FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.
Security Fix(es): freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

IMPACT:
On successful exploitation it could allow an attacker to execute code.

SOLUTION:
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system (https://access.redhat.com/articles/11258) for details.
Refer to Red Hat security advisory RHSA-2020:4907 (https://access.redhat.com/errata/RHSA-2020:4907) to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2020:4907: Red Hat Enterprise Linux (https://access.redhat.com/errata/RHSA-2020:4907)

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
Package     Installed Version       Required Version
freetype    2.4.11-15.el7.x86_64    2.8-14.el7_9.1

4 Red Hat Update for kernel (RHSA-2018:1318) CVSS: - CVSS3: 7 Active

QID: 236763
Category: RedHat
CVE ID: CVE-2017-16939, CVE-2018-1068, CVE-2018-1087, CVE-2018-1091, CVE-2018-8897, CVE-2018-1000199
Vendor Reference: RHSA-2018:1318
Bugtraq ID: 103459, 103603, 102760, 101954, 103732, 104071, 104127
Service Modified: 10/05/2018
User Modified: -
Edited: No
PCI Vuln: Yes
Ticket State:
CVSS Base: 7.2
CVSS Temporal: 5.6
CVSS3 Base: 7.8
CVSS3 Temporal: 7

First Detected: 09/02/2021 at 11:01:52 PM (GMT+0100)


Last Detected: 11/02/2021 at 09:54:24 PM (GMT+0100)
Times Detected: 11
CO-NO PROD page 202
Last Fixed: N/A
