Date: Mon, 24 Nov 2014 22:07:32 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: libXfont on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis:     Important: libXfont security update
Advisory ID:  SLSA-2014:1893-1
Issue Date:   2014-11-24
CVE Numbers:  CVE-2014-0211
              CVE-2014-0210
              CVE-2014-0209
--

A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

All running X.Org server instances must be restarted for the update to
take effect.
--

SL5
  x86_64
    libXfont-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-1.2.2-1.0.6.el5_11.x86_64.rpm
    libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-debuginfo-1.2.2-1.0.6.el5_11.x86_64.rpm
    libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-devel-1.2.2-1.0.6.el5_11.x86_64.rpm
  i386
    libXfont-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
    libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm

- Scientific Linux Development Team
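
The advisory states that every running X.Org server instance must be restarted before the update takes effect. The script below is an added example, not part of the advisory or of Scientific Linux tooling, that lists processes still mapping the replaced libXfont. It assumes the old library appears in /proc/PID/maps with the " (deleted)" suffix; the function names and the PROCROOT parameter are hypothetical.

```sh
#!/bin/sh
# Added example (not from the advisory): list processes that still map a
# libXfont shared object whose on-disk file was replaced by the update.
# Assumption: a replaced library is shown in /proc/PID/maps with the
# " (deleted)" suffix, as Linux reports for unlinked mapped files.

# maps_has_stale_libxfont FILE
# Succeeds if FILE (in /proc/PID/maps format) maps a deleted libXfont.
maps_has_stale_libxfont() {
    grep -Eq '/libXfont\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_libxfont_pids [PROCROOT]
# Prints "PID NAME" for each process under PROCROOT (default /proc) that
# still runs the old code and therefore needs a restart. PROCROOT is a
# parameter so the check can be run against a constructed directory tree.
stale_libxfont_pids() {
    procroot=${1:-/proc}
    for dir in "$procroot"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if maps_has_stale_libxfont "$dir/maps"; then
            # The process name comes from the "Name:" line of status.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) || name=
            echo "${dir##*/} ${name:-unknown}"
        fi
    done
    return 0
}

# Run as root so that every process's maps file is readable.
stale_libxfont_pids "${1:-/proc}"
```

Empty output means no running process still maps the old library; any line printed names a process to restart.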