Synopsis: Important: libXfont security update
Advisory ID: SLSA-2014:1893-1
Issue Date: 2014-11-24
CVE Numbers: CVE-2014-0211
CVE-2014-0210
CVE-2014-0209
—
A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server. (CVE-2014-0209)
Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)
All running X.Org server instances must be restarted for the update to
take effect.
—
SL5
x86_64
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-1.2.2-1.0.6.el5_11.x86_64.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.x86_64.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.x86_64.rpm
i386
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm
– Scientific Linux Development Team
