United States | English [Change]
Welcome, Guest

Nortel response to Sun Solaris Vulnerability in FreeType 2 Font Engine

Description: Sunsolve: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1 Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories Sun Microsystems has recently issued Solution document 200033 (formerly Sun Alert 103171) - Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. This bulletin addresses the following potential vulnerability: An integer overflow leading to a heap overflow vulnerability in the FreeType 2 Font Engine, which is shipped with Solaris, may affect applications that make use of this library. Depending on the application, this may allow a local or remote unprivileged user to crash the application using FreeType (which is a type of Denial of Service), or to execute arbitrary code with the privileges of the application.
Type: Security Advisories
Number: 2008008603, Rev 1
Status: Retired
Date: 2008-06-03


Bulletin Downloads
Title Extension File Size Language
    Nortel response to Sun Solaris Vulnerability in FreeType 2 Font Engine
Checksum: 2e416a082ae3bc962744b9eeb7397d38  [MD5]		 [pdf] 22952 bytes English  




Associated Products
Application Server 5200
BroadBand STP
Bulletin temp product
CDMA Network Manager
CDMA Networks
CDMA SuperNode Data Manager
Circuit Switching
Communication Server 2000
Communication Server 2000 Core Manager
Communication Server 2000 Session Server Trunks
Communication Server 2000-Compact
Communication Server 2100
DMS-100 SSP
DMS-100/200 Local Switching Systems
DMS-250
DMS-500
DMS-Global Services Platform
DMS-STP
DMS-STP/SSP IntegratedNode (INode)
Enterprise Network Management System
Enterprise Policy Manager
Extended Peripheral Module (XPM)
GSM Networks
GSM-UMTS Home Location Register
GSM-UMTS Mobile Switching Center Server
GSM-UMTS SuperNode Data Manager
Integrated Access - Cable
Integrated Element Management System (IEMS)
IP Address Domain Manager
Media Gateway 9000
Media Processing Server (MPS) 100
  
Media Processing Server (MPS) 1000
Media Processing Server (MPS) 500
Meridian SL-100
Multimedia Communication Server 5100
Multiservice Data Manager (MDM)
Optical Manager
Optical Manager Element Adapter
Optical Multiservice Edge 6500
Optical Network Manager
Optivity Policy Services for Business Policy Switch
Optivity Telephony Manager for SL-100
Packet Transit - AAL2
Packet Transit - IP
Packet Trunking - AAL1
Periphonics Common Channel Signaling Server (CCSS)
Periphonics Computer Telephony Extension (CTX)
Periphonics PeriToolsWorkstation
Periphonics Speech Platform
Policy Services application
Preside Management for Metro Optical Networks
Self-Service Portfolio
Spectrum Peripheral Module (SPM)
Speech and Self-Service
Succession Multimedia Communications
SuperNode Data Manager
UMTS Networks
Universal Access - AAL1
Universal Access - IP
VoIP Infrastructure Solutions
Wireless Network Management System (W-NMS)
XA-Core