SCIENTIFIC-LINUX-ERRATA Archives

November 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: libXfont on SL5.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 24 Nov 2014 22:07:32 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (37 lines) 
Synopsis:          Important: libXfont security update
Advisory ID:       SLSA-2014:1893-1
Issue Date:        2014-11-24
CVE Numbers:       CVE-2014-0211
                   CVE-2014-0210
                   CVE-2014-0209
--

A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

All running X.Org server instances must be restarted for the update to
take effect.
--

SL5
  x86_64
    libXfont-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-1.2.2-1.0.6.el5_11.x86_64.rpm
    libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-debuginfo-1.2.2-1.0.6.el5_11.x86_64.rpm
    libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-devel-1.2.2-1.0.6.el5_11.x86_64.rpm
  i386
    libXfont-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2