Description
ELSA-2015-1708: libXfont security update (IMPORTANT)
[1.4.5-5]
- CVE-2015-1802: missing range check in bdfReadProperties (bug 1258892)
- CVE-2015-1803: crash on invalid read in bdfReadCharacters (bug 1258892)
- CVE-2015-1804: out-of-bounds memory access in bdfReadCharacters (bug 1258892)
Updated packages
Oracle Linux 6
  Oracle Linux x86_64
    libXfont        1.4.5-5.el6_7
    libXfont-devel  1.4.5-5.el6_7
  Oracle Linux i686
    libXfont        1.4.5-5.el6_7
    libXfont-devel  1.4.5-5.el6_7
  Oracle Linux sparc64
    libXfont        1.4.5-5.el6_7
    libXfont-devel  1.4.5-5.el6_7
Oracle Linux 7
  Oracle Linux x86_64
    libXfont        1.4.7-3.el7_1
    libXfont-devel  1.4.7-3.el7_1
Related CVEs
Related vulnerabilities
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.