Sun Solaris FreeType Multiple Vulnerabilities

Secunia ID	SA37246
CVE-ID	CVE-2009-0946
Release Date	04 Nov 2009
Last Change	26 Feb 2010
Criticality	Moderately Critical
Solution Status	Partial Fix
Where	From remote
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Sun has acknowledged some vulnerabilities in Solaris, which potentially can be exploited by malicious people to compromise an application using the libfreetype library. For more information: SA34723 The vulnerabilities are reported in Solaris 8, 9, and 10 for both the SPARC and x86 platforms.
Solution	Apply patches. -- SPARC Platform -- Solaris 10: Apply patch 119812-07 or later. OpenSolaris: Fixed in build snv_124 and later. -- x86 Platform -- Solaris 10: Apply patch 119813-09 or later. OpenSolaris: Fixed in build snv_124 and later. Solaris 8 and Solaris 9: A final resolution is pending completion. Do not process untrusted font files.
Original Advisory	http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1