Package name
libxfont
Date
2014-07-09
Advisory ID
MDVSA-2014:132
Affected versions
MBS1 x86_64

Problem description

Updated libxfont packages fix security vulnerabilities:

Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to
gain privileges (CVE-2014-0209).

Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted
data that could cause libXfont to crash, or possibly execute arbitrary
code (CVE-2014-0210, CVE-2014-0211).

Updated packages

MBS1 x86_64

 4f39de10316b1527b1c32d5f756dcef9  mbs1/x86_64/lib64xfont1-1.4.5-2.2.mbs1.x86_64.rpm
 d68016ac4f6fde1544dec8564fa88957  mbs1/x86_64/lib64xfont1-devel-1.4.5-2.2.mbs1.x86_64.rpm
 6cce20596a6edab6490899c04a0cb6ea  mbs1/x86_64/lib64xfont1-static-devel-1.4.5-2.2.mbs1.x86_64.rpm 
 f86ce76eddbbe9fac7ed98a2b39afc73  mbs1/SRPMS/libxfont-1.4.5-2.2.mbs1.src.rpm

References