[ MDVSA-2015:145 ] libxfont

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:145
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libxfont
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libxfont packages fix security vulnerabilities:
 
 Ilja van Sprundel discovered that libXfont incorrectly handled font
 metadata file parsing. A local attacker could use this issue to cause
 libXfont to crash, or possibly execute arbitrary code in order to
 gain privileges (CVE-2014-0209).
 
 Ilja van Sprundel discovered that libXfont incorrectly handled X Font
 Server replies. A malicious font server could return specially-crafted
 data that could cause libXfont to crash, or possibly execute arbitrary
 code (CVE-2014-02

Leave a Reply