libXfont-1.4.5-5.AXS4
Errata ID: AXSA:2015-460:01
Release date:
Wednesday, September 16, 2015 - 16:03
Subject:
libXfont-1.4.5-5.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The libXfont package provides the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.
Security issues fixed with this release:
CVE-2015-1802
CVE-2015-1803
CVE-2015-1804
Solution:
Update package.
CVEs:
CVE-2015-1802
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
CVE-2015-1803
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
CVE-2015-1804
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
Additional Info:
N/A
Download:
SRPMS
- libXfont-1.4.5-5.AXS4.src.rpm
MD5: 27e4ea653d2b936ca1ca545cea2d1511
SHA-256: f205a8d2bd8a25e398973a5e9f123a3d022847fccdbe946b9b3c1fb5d22b899f
Size: 489.01 kB
Asianux Server 4 for x86
- libXfont-1.4.5-5.AXS4.i686.rpm
MD5: 4a61265f0e6db4dd3fbdab0e53edba89
SHA-256: 0d818ee2606c9da34c510823d9b2a633017c15aad3e8b89b7eebfa21c6ded12d
Size: 144.59 kB
Asianux Server 4 for x86_64
- libXfont-1.4.5-5.AXS4.x86_64.rpm
MD5: 640d2c1aa0b11af7b0771865b40ce067
SHA-256: 8dbf7dfa7d01f96497f8d746b0be1dc6658e3222e63c5f1e4d353cb991e9e04f
Size: 136.22 kB