Synopsis:          Important: libXfont security update
Advisory ID:       SLSA-2014:1870-1
Issue Date:        2014-11-18
CVE Numbers:       CVE-2014-0211
                   CVE-2014-0210
                   CVE-2014-0209
--

A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.Org font server. A malicious X.Org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

All running X.Org server instances must be restarted for the update to
take effect.
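
One way to confirm the restart requirement has been met, as an added example that is not part of the original advisory: the function lists processes that still map a libXfont copy replaced on disk. The proc-root argument, the fixture tree, and its PIDs, addresses and library file names are constructed assumptions so the check runs offline.

```bash
#!/bin/sh
# Added example, not part of the advisory. The proc-root argument and the
# fixture contents below are assumptions made so the check can run offline.

# Print "PID COMM" for every process under $1 (default /proc) that still maps
# a libXfont shared object which has since been replaced on disk.
stale_libxfont_procs() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        # The kernel appends " (deleted)" to a mapping whose file was
        # unlinked, which is what a package update does to the old library.
        if grep -Eq '/libXfont\.so[^ ]* \(deleted\)$' "$dir/maps" 2>/dev/null; then
            comm="$(cat "$dir/comm" 2>/dev/null || echo unknown)"
            printf '%s %s\n' "${dir##*/}" "$comm"
        fi
    done
)

# Build a constructed /proc-like tree: one X server started before the update,
# one restarted after it, and one process that never loaded libXfont.
make_fixture() (
    root="$(mktemp -d)"
    mkdir "$root/1201" "$root/1350" "$root/1410"
    echo Xorg > "$root/1201/comm"
    echo '7f3a1c000000-7f3a1c03c000 r-xp 00000000 fd:00 131245 /usr/lib64/libXfont.so.1.4.1 (deleted)' > "$root/1201/maps"
    echo Xorg > "$root/1350/comm"
    echo '7f9b44000000-7f9b4403c000 r-xp 00000000 fd:00 140877 /usr/lib64/libXfont.so.1.4.1' > "$root/1350/maps"
    echo xterm > "$root/1410/comm"
    echo '7f1d20000000-7f1d201b6000 r-xp 00000000 fd:00 130012 /usr/lib64/libc-2.12.so' > "$root/1410/maps"
    echo "$root"
)

# Demonstration on the constructed fixture only.
fixture="$(make_fixture)"
stale_libxfont_procs "$fixture"
rm -rf "$fixture"
```

On a real host, call stale_libxfont_procs with no argument as root after installing the update; any PID it prints is still running the old library and needs a restart.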
--

SL6
  x86_64
    libXfont-devel-1.4.5-4.el6_6.x86_64.rpm
    libXfont-devel-1.4.5-4.el6_6.i686.rpm
    libXfont-1.4.5-4.el6_6.i686.rpm
    libXfont-1.4.5-4.el6_6.x86_64.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
  srpm
    libXfont-1.4.5-4.el6_6.src.rpm
  i386
    libXfont-devel-1.4.5-4.el6_6.i686.rpm
    libXfont-1.4.5-4.el6_6.i686.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
  noarch
    libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
SL7
  x86_64
    libXfont-devel-1.4.7-2.el7_0.i686.rpm
    libXfont-1.4.7-2.el7_0.x86_64.rpm
    libXfont-devel-1.4.7-2.el7_0.x86_64.rpm
    libXfont-1.4.7-2.el7_0.i686.rpm
    libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
    libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm
  srpm
    libXfont-1.4.7-2.el7_0.src.rpm
  noarch
    libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
    libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm

- Scientific Linux Development Team