Updated libxfont packages fix security vulnerabilities
Publication date: 04 Jul 2014
Modification date: 04 Jul 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
Description
Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209).

Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211).
References
- https://bugs.mageia.org/show_bug.cgi?id=13373
- http://www.ubuntu.com/usn/usn-2211-1/
- http://lists.x.org/archives/xorg-announce/2014-May/002431.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211
SRPMS
4/core
- libxfont-1.4.7-1.1.mga4
3/core
- libxfont-1.4.5-3.2.mga3