openSUSE-SU-2015:2300-1

Опубликовано: 18 дек. 2015

Источник: suse-cvrf

Описание

Security update for libXfont

This update for libXfont fixes the following issue:

A negative DWIDTH is legal. This was broken by the security fix for CVE-2015-1804. (boo#958383).

Список пакетов

openSUSE Leap 42.1

libXfont-1.5.1-7.1

libXfont-devel-1.5.1-7.1

libXfont-devel-32bit-1.5.1-7.1

libXfont1-1.5.1-7.1

libXfont1-32bit-1.5.1-7.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html
E-Mail link for openSUSE-SU-2015:2300-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.

Затронутые продукты

openSUSE Leap 42.1:libXfont-1.5.1-7.1

openSUSE Leap 42.1:libXfont-devel-1.5.1-7.1

openSUSE Leap 42.1:libXfont-devel-32bit-1.5.1-7.1

openSUSE Leap 42.1:libXfont1-1.5.1-7.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-1804.html
CVE-2015-1804
https://bugzilla.suse.com/921978
SUSE Bug 921978

openSUSE-SU-2015:2300-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2015-1804

Описание

Затронутые продукты

Ссылки