Advisories ยป MGASA-2014-0278

Updated libxfont packages fix security vulnerabilities

Publication date: 04 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0209 , CVE-2014-0210 , CVE-2014-0211

Description

Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges (CVE-2014-0209).

Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted
data that could cause libXfont to crash, or possibly execute arbitrary
code (CVE-2014-0210, CVE-2014-0211).
                

References

SRPMS

3/core

4/core