GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Jun 14, 2014 9:26 am Post subject: [ GLSA 201406-11 ] libXfont: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: libXfont: Multiple vulnerabilities (GLSA 201406-11)
Severity: high
Exploitable: local, remote
Date: June 14, 2014
Bug(s): #510250
ID: 201406-11
Synopsis
Multiple vulnerabilities have been found in libXfont, the worst of
which allow for local privilege escalation.
Background
libXfont is an X11 font rasterisation library.
Affected Packages
Package: x11-libs/libXfont
Vulnerable: < 1.4.8
Unaffected: >= 1.4.8
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in libXfont. Please review
the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could use a specially crafted file to gain
privileges, cause a Denial of Service condition or possibly execute
arbitrary code with the privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All libXfont users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.8"
|
References
CVE-2014-0209
CVE-2014-0210
CVE-2014-0211 |
|