Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 18 Nov 2014 20:43:56 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: libXfont on SL6.x, SL7.x i386/srpm/x86_64 MIME-Version: 1.0 Synopsis: Important: libXfont security update Advisory ID: SLSA-2014:1870-1 Issue Date: 2014-11-18 CVE Numbers: CVE-2014-0211 CVE-2014-0210 CVE-2014-0209 -- A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect. -- SL6 x86_64 libXfont-devel-1.4.5-4.el6_6.x86_64.rpm libXfont-devel-1.4.5-4.el6_6.i686.rpm libXfont-1.4.5-4.el6_6.i686.rpm libXfont-1.4.5-4.el6_6.x86_64.rpm libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm srpm libXfont-1.4.5-4.el6_6.src.rpm i386 libXfont-devel-1.4.5-4.el6_6.i686.rpm libXfont-1.4.5-4.el6_6.i686.rpm libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm noarch libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm SL7 x86_64 libXfont-devel-1.4.7-2.el7_0.i686.rpm libXfont-1.4.7-2.el7_0.x86_64.rpm libXfont-devel-1.4.7-2.el7_0.x86_64.rpm libXfont-1.4.7-2.el7_0.i686.rpm libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm srpm libXfont-1.4.7-2.el7_0.src.rpm noarch libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm - Scientific Linux Development Team