Debian: xfstt multiple vulnerabilities

    Date 01 Aug 2003
    Posted By LinuxSecurity Advisories
    There are multiple vulnerabilities in xfstt.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 360-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Matt Zimmerman
    August 1st, 2003               
    - --------------------------------------------------------------------------
    Package        : xfstt
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-0581, CAN-2003-0625
    xfstt, a TrueType font server for the X window system was found to
    contain two classes of vulnerabilities:
    - - CAN-2003-0581: a remote attacker could send requests crafted to
      trigger any of several buffer overruns, causing a denial of service or
      possibly executing arbitrary code on the server with the privileges
      of the "nobody" user.
    - - CAN-2003-0625: certain invalid data sent during the connection
      handshake could allow a remote attacker to read certain regions of
      memory belonging to the xfstt process.  This information could be
      used for fingerprinting, or to aid in exploitation of a different
    For the current stable distribution (woody) these problems have been
    fixed in version 1.2.1-3.
    For the unstable distribution (sid), CAN-2003-0581 is fixed in xfstt
    1.5-1, and CAN-2003-0625 will be fixed soon.
    We recommend that you update your xfstt package.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      501 962c048c51ad11527a2968dcab0f70cc
          Size/MD5 checksum:   106104 9a5cd36572b2b422e3f13c1c076256b2
      Alpha architecture:
          Size/MD5 checksum:    79490 a5be8fb0fca57ea3397f56060b2e4746
      ARM architecture:
          Size/MD5 checksum:    65656 dee8ba57aec56b3ad9f1a160c4aa928b
      Intel IA-32 architecture:
          Size/MD5 checksum:    66590 0fd927a55db3a257dd1e4c1f1b76ebe4
      Intel IA-64 architecture:
          Size/MD5 checksum:   101308 5b61105d87ac63565f3e653c10935554
      HP Precision architecture:
          Size/MD5 checksum:    74966 f3f8cc0f9b62340a805cda547b04e90b
      Motorola 680x0 architecture:
          Size/MD5 checksum:    65276 e3c46415661c96a46a5a461b8cb7c72c
      Big endian MIPS architecture:
          Size/MD5 checksum:    77998 6008f0a2f2c5133b55db5df1c3d2e6c5
      Little endian MIPS architecture:
          Size/MD5 checksum:    77912 8827f5bdde0e85013ea221b9feb60ae9
      PowerPC architecture:
          Size/MD5 checksum:    65970 d1793d80f35e87b7b094e4343158325e
      IBM S/390 architecture:
          Size/MD5 checksum:    66458 2bd0811824f8a5c90fd77cb2f3d18fcf
      Sun Sparc architecture:
          Size/MD5 checksum:    66234 ba8c136d18589a8265e265b7b89008c3
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"19","type":"x","order":"1","pct":95,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200


    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.