Ubuntu Security Notice USN-2536-1
18th March, 2015
libxfont vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
libXfont could be made to crash or run programs as an administrator
if it opened a specially crafted bdf font file.
Software description
- libxfont
– X11 font rasterisation library
Details
Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that
libXfont incorrectly handled malformed bdf fonts. A local attacker could
use this issue to cause libXfont to crash, or possibly execute arbitrary
code in order to gain privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
libxfont1
1:1.4.99.901-1ubuntu0.1
- Ubuntu 14.04 LTS:
-
libxfont1
1:1.4.7-1ubuntu0.2
- Ubuntu 12.04 LTS:
-
libxfont1
1:1.4.4-1ubuntu0.3
- Ubuntu 10.04 LTS:
-
libxfont1
1:1.4.1-1ubuntu0.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.