-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:013 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : libxfont Date : January 21, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in libxfont: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file (CVE-2013-6462). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 21ddd5d021a3721894d8e91769e665e1 mes5/i586/libxfont1-1.3.3-1.2mdvmes5.2.i586.rpm 7279ba4ef6c459df5526e8fd47f8b546 mes5/i586/libxfont1-devel-1.3.3-1.2mdvmes5.2.i586.rpm e57c2ac9880cacb6a8c5555de20242a8 mes5/i586/libxfont1-static-devel-1.3.3-1.2mdvmes5.2.i586.rpm 5c5414a45107d891f13b3694b853bb24 mes5/SRPMS/libxfont-1.3.3-1.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 7bcfca76e624e2fa6856425fe341759b mes5/x86_64/lib64xfont1-1.3.3-1.2mdvmes5.2.x86_64.rpm 9da93243f5c64b958a49716d014598f6 mes5/x86_64/lib64xfont1-devel-1.3.3-1.2mdvmes5.2.x86_64.rpm 9246fa2da72cfdc0632b71d133dedb12 mes5/x86_64/lib64xfont1-static-devel-1.3.3-1.2mdvmes5.2.x86_64.rpm 5c5414a45107d891f13b3694b853bb24 mes5/SRPMS/libxfont-1.3.3-1.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 8987c8fe13c56daf372157d7af320fa6 mbs1/x86_64/lib64xfont1-1.4.5-2.1.mbs1.x86_64.rpm 5e0a2e81d72fdc0acb4d9cd6ebc102c2 mbs1/x86_64/lib64xfont1-devel-1.4.5-2.1.mbs1.x86_64.rpm aeae88972fbbc4f41cd1540c05506661 mbs1/x86_64/lib64xfont1-static-devel-1.4.5-2.1.mbs1.x86_64.rpm f3e0098239e7e631e0419d302598dacd mbs1/SRPMS/libxfont-1.4.5-2.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS3kCRmqjQ0CJFipgRApmUAJ9LaGz9/zzlykfhq9zAaX+QFDjAAACfegxP KTaV2JDJGCb6clUQC2tY3Tw= =xAAU -----END PGP SIGNATURE-----