Synopsis: Important: libXfont security update Advisory ID: SLSA-2014:1870-1 Issue Date: 2014-11-18 CVE Numbers: CVE-2014-0211 CVE-2014-0210 CVE-2014-0209 -- A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect. -- SL6 x86_64 libXfont-devel-1.4.5-4.el6_6.x86_64.rpm libXfont-devel-1.4.5-4.el6_6.i686.rpm libXfont-1.4.5-4.el6_6.i686.rpm libXfont-1.4.5-4.el6_6.x86_64.rpm libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm srpm libXfont-1.4.5-4.el6_6.src.rpm i386 libXfont-devel-1.4.5-4.el6_6.i686.rpm libXfont-1.4.5-4.el6_6.i686.rpm libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm noarch libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm SL7 x86_64 libXfont-devel-1.4.7-2.el7_0.i686.rpm libXfont-1.4.7-2.el7_0.x86_64.rpm libXfont-devel-1.4.7-2.el7_0.x86_64.rpm libXfont-1.4.7-2.el7_0.i686.rpm libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm srpm libXfont-1.4.7-2.el7_0.src.rpm noarch libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm - Scientific Linux Development Team