Описание
Recommended update for libXfont
This update for libXfont fixes the following issues:
- The original fix for CVE-2015-1804 prevented DWIDTH to be negative. However, the spec states that 'DWIDTH [...] is a vector indicating the position of the next glyph's origin relative to the origin of this glyph'. Consequently, negative DWIDTH values should be allowed. (bsc#958383)
Список пакетов
SUSE Linux Enterprise Desktop 12
libXfont1-1.4.7-7.1
SUSE Linux Enterprise Desktop 12 SP1
libXfont1-1.4.7-7.1
SUSE Linux Enterprise Server 12
libXfont1-1.4.7-7.1
SUSE Linux Enterprise Server 12 SP1
libXfont1-1.4.7-7.1
SUSE Linux Enterprise Server for SAP Applications 12
libXfont1-1.4.7-7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libXfont1-1.4.7-7.1
SUSE Linux Enterprise Software Development Kit 12
libXfont-devel-1.4.7-7.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libXfont-devel-1.4.7-7.1
Ссылки
- Link for SUSE-RU-2016:0031-1
- E-Mail link for SUSE-RU-2016:0031-1
- SUSE Security Ratings
- SUSE Bug 958383
- SUSE CVE CVE-2015-1804 page
Описание
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libXfont1-1.4.7-7.1
SUSE Linux Enterprise Desktop 12:libXfont1-1.4.7-7.1
SUSE Linux Enterprise Server 12 SP1:libXfont1-1.4.7-7.1
SUSE Linux Enterprise Server 12:libXfont1-1.4.7-7.1
Ссылки
- CVE-2015-1804
- SUSE Bug 921978