what you don't know can hurt you

Debian Security Advisory 2927-1

Debian Security Advisory 2927-1
Posted May 15, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2927-1 - Ilja van Sprundel of IOActive discovered several security issues in the X.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server.

tags | advisory, remote, local
systems | linux, debian
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
SHA-256 | cdba8e46fc8703f628140a96e5b5758b282928e4bd48ee7dcfc5f3a27f9546c8

Debian Security Advisory 2927-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2927-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 13, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxfont
CVE ID : CVE-2014-0209 CVE-2014-0210 CVE-2014-0211

Ilja van Sprundel of IOActive discovered several security issues in the
X.Org libXfont library, which may allow a local, authenticated user to
attempt to raise privileges; or a remote attacker who can control the
font server to attempt to execute code with the privileges of the X
server.

CVE-2014-0209

Integer overflow of allocations in font metadata file parsing could
allow a local user who is already authenticated to the X server to
overwrite other memory in the heap.

CVE-2014-0210

libxfont does not validate length fields when parsing xfs protocol
replies allowing to write past the bounds of allocated memory when
storing the returned data from the font server.

CVE-2014-0211

Integer overflows calculating memory needs for xfs replies could
result in allocating too little memory and then writing the returned
data from the font server past the end of the allocated buffer.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1:1.4.1-5.

For the stable distribution (wheezy), these problems have been fixed in
version 1:1.4.5-4.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.4.7-2.

We recommend that you upgrade your libxfont packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJTcpOwAAoJEAVMuPMTQ89EAMcP/RAQrmwMUCRDwR/Xiz13sc9P
w1xR0K2srs3WP/i/EcBn8rWJH+4CnoCDsOeTlyfD2e748FZD1JmKDNFsWxi8t7h7
f7LnuQARbKHbscGiGRe0NFY6cNMDgjINfjMhNZfmxfxWxotNrKvJNBBec0mWKJZT
K70Nj0SLKOGQF5zsQQcLjnlzH+UfklQ8druT+ToHx0SiMobQOsV97Go32nTTuGEX
R/V+XaX+AdOnJO9GPw7qWI1/2nmrw2E/nHdak3Q7yVICGCSCNGiUfursHVNKYEA5
CEyk3Y0K1Ydb0dycNbEOJDTMZJUE2Nbxd64EZ0zx+bYdxM1Zoyht4Dm8MBRq0FXI
K5XZlf4D//TuKNvw5p4cX7sbRlO/guDtKhyvSgUKSIk1ELXSsuYwnU2Eb4lAN/p7
7GKJ+u6UXUO3b7Nz4G8mCqLENPyqAbSh7t0TB/GtZFfZ+VLSBNmuOa7BwnmlPg1J
Vcl19w5ua3XkCP86CL4cnsGRycPyt/ml8LSuO3WBhHC1np4t1i/oCOIDYtEJlnRf
9FkN20dxqgc1zKDS7QdJof5q0PKOMjcJ5jUR2l+++BRO+0fQuYoqv38B9WMG7Ljd
upRU+64CeljuEcZDYnRAqApRhmHn4Tu8AYP9lqoXIdY/Rpgqo4ytHq70QVeqq68s
QspMgBVG6UVqa12tpy+w
=cqfo
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close