Bug 3594 - [UPDATE REQUEST] [UPSTREAM UPDATE] libXfont
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
Reported: 2014-01-13 18:35 MSK by Andrew Lukoshko
Modified: 2014-01-16 06:11 MSK
vladimir.potapov: qa_verified+
vladimir.potapov: secteam_verified?
Description Andrew Lukoshko 2014-01-13 18:35:27 MSK
A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462)

http://rhn.redhat.com/errata/RHSA-2014-0018.html

https://abf.rosalinux.ru/build_lists/1513793
https://abf.rosalinux.ru/build_lists/1513794
Comment 1 Vladimir Potapov 2014-01-16 06:11:17 MSK
libXfont-1.4.5-3.res6
************************** RHEL Advisory **************************
A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462)
*******************************************************************
QA Verified