[gentoo-announce] [ GLSA 201406-11 ] libXfont: Multiple vulnerabilities - gentoo-announce

From:	Mikle Kolyada <zlogene@g.o>
To:	gentoo-announce@g.o
Subject:	[gentoo-announce] [ GLSA 201406-11 ] libXfont: Multiple vulnerabilities
Date:	Sat, 14 Jun 2014 09:15:39
Message-Id:	`539C1369.2010005@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201406-11

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: High

8

    Title: libXfont: Multiple vulnerabilities

9

     Date: June 14, 2014

10

     Bugs: #510250

11

       ID: 201406-11

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in libXfont, the worst of

19

which allow for local privilege escalation. 

20

21

Background

22

==========

23

24

libXfont is an X11 font rasterisation library. 

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  x11-libs/libXfont            < 1.4.8                    >= 1.4.8 

33

34

Description

35

===========

36

37

Multiple vulnerabilities have been discovered in libXfont. Please

38

review the CVE identifiers referenced below for details.

39

40

Impact

41

======

42

43

A context-dependent attacker could use a specially crafted file to gain

44

privileges, cause a Denial of Service condition or possibly execute

45

arbitrary code with the privileges of the process.

46

47

Workaround

48

==========

49

50

There is no known workaround at this time.

51

52

Resolution

53

==========

54

55

All libXfont users should upgrade to the latest version:

56

57

  # emerge --sync

58

  # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.8"

59

60

References

61

==========

62

63

[ 1 ] CVE-2014-0209

64

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0209

65

[ 2 ] CVE-2014-0210

66

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0210

67

[ 3 ] CVE-2014-0211

68

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0211

69

70

Availability

71

============

72

73

This GLSA and any updates to it are available for viewing at

74

the Gentoo Security Website:

75

76

 http://security.gentoo.org/glsa/glsa-201406-11.xml

77

78

Concerns?

79

=========

80

81

Security is a primary focus of Gentoo Linux and ensuring the

82

confidentiality and security of our users' machines is of utmost

83

importance to us. Any security concerns should be addressed to

84

security@g.o or alternatively, you may file a bug at

85

https://bugs.gentoo.org.

86

87

License

88

=======

89

90

Copyright 2014 Gentoo Foundation, Inc; referenced text

91

belongs to its owner(s).

92

93

The contents of this document are licensed under the

94

Creative Commons - Attribution / Share Alike license.

95

96

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201406-11
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: libXfont: Multiple vulnerabilities
9	Date: June 14, 2014
10	Bugs: #510250
11	ID: 201406-11
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in libXfont, the worst of
19	which allow for local privilege escalation.
20
21	Background
22	==========
23
24	libXfont is an X11 font rasterisation library.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 x11-libs/libXfont < 1.4.8 >= 1.4.8
33
34	Description
35	===========
36
37	Multiple vulnerabilities have been discovered in libXfont. Please
38	review the CVE identifiers referenced below for details.
39
40	Impact
41	======
42
43	A context-dependent attacker could use a specially crafted file to gain
44	privileges, cause a Denial of Service condition or possibly execute
45	arbitrary code with the privileges of the process.
46
47	Workaround
48	==========
49
50	There is no known workaround at this time.
51
52	Resolution
53	==========
54
55	All libXfont users should upgrade to the latest version:
56
57	# emerge --sync
58	# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.8"
59
60	References
61	==========
62
63	[ 1 ] CVE-2014-0209
64	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0209
65	[ 2 ] CVE-2014-0210
66	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0210
67	[ 3 ] CVE-2014-0211
68	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0211
69
70	Availability
71	============
72
73	This GLSA and any updates to it are available for viewing at
74	the Gentoo Security Website:
75
76	http://security.gentoo.org/glsa/glsa-201406-11.xml
77
78	Concerns?
79	=========
80
81	Security is a primary focus of Gentoo Linux and ensuring the
82	confidentiality and security of our users' machines is of utmost
83	importance to us. Any security concerns should be addressed to
84	security@g.o or alternatively, you may file a bug at
85	https://bugs.gentoo.org.
86
87	License
88	=======
89
90	Copyright 2014 Gentoo Foundation, Inc; referenced text
91	belongs to its owner(s).
92
93	The contents of this document are licensed under the
94	Creative Commons - Attribution / Share Alike license.
95
96	http://creativecommons.org/licenses/by-sa/2.5