Synopsis :
These remote packages are missing security patches :
- freetype2-demos
- libfreetype6
- libfreetype6-dev
Description :
Tavis Ormandy discovered that FreeType did not correctly handle certain
large values in font files. If a user were tricked into using a specially
crafted font file, a remote attacker could execute arbitrary code with user
privileges.
Solution :
Upgrade to :
- freetype2-demos-2.3.9-4ubuntu0.1 (Ubuntu 9.04)
- libfreetype6-2.3.9-4ubuntu0.1 (Ubuntu 9.04)
- libfreetype6-dev-2.3.9-4ubuntu0.1 (Ubuntu 9.04)
Risk factor :
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)