[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Scientific Linux alert SLSA-2014:1870-1 (libXfont)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      <scientific-linux-errata@listserv.fnal.gov> 


Subject:
    	      Security ERRATA Important: libXfont on SL6.x, SL7.x i386/srpm/x86_64 


Date:
    	      Tue, 18 Nov 2014 20:43:56 +0000


Message-ID:
    	      <20141118204356.26732.99144@slpackages.fnal.gov>


Synopsis:          Important: libXfont security update
Advisory ID:       SLSA-2014:1870-1
Issue Date:        2014-11-18
CVE Numbers:       CVE-2014-0211
                   CVE-2014-0210
                   CVE-2014-0209
--

A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

All running X.Org server instances must be restarted for the update to
take effect.
--

SL6
  x86_64
    libXfont-devel-1.4.5-4.el6_6.x86_64.rpm
    libXfont-devel-1.4.5-4.el6_6.i686.rpm
    libXfont-1.4.5-4.el6_6.i686.rpm
    libXfont-1.4.5-4.el6_6.x86_64.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
  srpm
    libXfont-1.4.5-4.el6_6.src.rpm
  i386
    libXfont-devel-1.4.5-4.el6_6.i686.rpm
    libXfont-1.4.5-4.el6_6.i686.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
  noarch
    libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
    libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
SL7
  x86_64
    libXfont-devel-1.4.7-2.el7_0.i686.rpm
    libXfont-1.4.7-2.el7_0.x86_64.rpm
    libXfont-devel-1.4.7-2.el7_0.x86_64.rpm
    libXfont-1.4.7-2.el7_0.i686.rpm
    libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
    libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm
  srpm
    libXfont-1.4.7-2.el7_0.src.rpm
  noarch
    libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
    libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm

- Scientific Linux Development Team
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds