Rapid7 Vulnerability & Exploit Database

RHSA-2015:1708: libXfont security update

Severity: 9
CVSS: (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published: 03/20/2015
Created: 07/25/2018
Added: 09/07/2015
Modified: 07/04/2017

Description

The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System.

An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802)

An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804)

A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803)

All libXfont users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-libxfont
  • redhat-upgrade-libxfont-debuginfo
  • redhat-upgrade-libxfont-devel
