Synopsis:          Important: libXfont security update
Advisory ID:       SLSA-2015:1708-1
Issue Date:        2015-09-03
CVE Numbers:       CVE-2015-1802
                   CVE-2015-1803
                   CVE-2015-1804
--

An integer overflow flaw was found in the way libXfont processed certain
Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user
could use this flaw to crash the X.Org server or, potentially, execute
arbitrary code with the privileges of the X.Org server. (CVE-2015-1802)

An integer truncation flaw was discovered in the way libXfont processed
certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local
user could use this flaw to crash the X.Org server or, potentially,
execute arbitrary code with the privileges of the X.Org server.
(CVE-2015-1804)

A NULL pointer dereference flaw was discovered in the way libXfont
processed certain Glyph Bitmap Distribution Format (BDF) fonts. A
malicious, local user could use this flaw to crash the X.Org server.
(CVE-2015-1803)
--

SL6
  x86_64
    libXfont-1.4.5-5.el6_7.x86_64.rpm
    libXfont-debuginfo-1.4.5-5.el6_7.x86_64.rpm
    libXfont-1.4.5-5.el6_7.i686.rpm
    libXfont-debuginfo-1.4.5-5.el6_7.i686.rpm
    libXfont-devel-1.4.5-5.el6_7.i686.rpm
    libXfont-devel-1.4.5-5.el6_7.x86_64.rpm
  i386
    libXfont-1.4.5-5.el6_7.i686.rpm
    libXfont-debuginfo-1.4.5-5.el6_7.i686.rpm
    libXfont-devel-1.4.5-5.el6_7.i686.rpm
SL7
  x86_64
    libXfont-1.4.7-3.el7_1.i686.rpm
    libXfont-1.4.7-3.el7_1.x86_64.rpm
    libXfont-debuginfo-1.4.7-3.el7_1.i686.rpm
    libXfont-debuginfo-1.4.7-3.el7_1.x86_64.rpm
    libXfont-devel-1.4.7-3.el7_1.i686.rpm
    libXfont-devel-1.4.7-3.el7_1.x86_64.rpm

- Scientific Linux Development Team