libXfont-1.4.5-5.AXS4

エラータID: AXSA:2015-460:01

リリース日: 
2015/09/16 Wednesday - 16:03
題名: 
libXfont-1.4.5-5.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

* CVE-2015-1802:
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.

* CVE-2015-1803:
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.

* CVE-2015-1804:
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.

解決策: 

Update packages

CVE: 
CVE-2015-1802
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
CVE-2015-1803
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
CVE-2015-1804
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libXfont-1.4.5-5.AXS4.src.rpm
    MD5: 27e4ea653d2b936ca1ca545cea2d1511
    SHA-256: f205a8d2bd8a25e398973a5e9f123a3d022847fccdbe946b9b3c1fb5d22b899f
    Size: 489.01 kB

Asianux Server 4 for x86
  1. libXfont-1.4.5-5.AXS4.i686.rpm
    MD5: 4a61265f0e6db4dd3fbdab0e53edba89
    SHA-256: 0d818ee2606c9da34c510823d9b2a633017c15aad3e8b89b7eebfa21c6ded12d
    Size: 144.59 kB

Asianux Server 4 for x86_64
  1. libXfont-1.4.5-5.AXS4.x86_64.rpm
    MD5: 640d2c1aa0b11af7b0771865b40ce067
    SHA-256: 8dbf7dfa7d01f96497f8d746b0be1dc6658e3222e63c5f1e4d353cb991e9e04f
    Size: 136.22 kB