Important CentOS libXfont Security Update

Metadata

Severity: high
Score: 8.5
Affected packages: libXfont-1.4.5-5.el6_7.i686.rpm, libXfont-1.4.5-5.el6_7.src.rpm, libXfont-1.4.5-5.el6_7.x86_64.rpm, libXfont-1.4.7-3.el7_1.i686.rpm, libXfont-1.4.7-3.el7_1.src.rpm, libXfont-1.4.7-3.el7_1.x86_64.rpm, libXfont-devel-1.4.5-5.el6_7.i686.rpm, libXfont-devel-1.4.5-5.el6_7.x86_64.rpm, libXfont-devel-1.4.7-3.el7_1.i686.rpm, libXfont-devel-1.4.7-3.el7_1.x86_64.rpm
CVEs: CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 (package: libxfont)
References: rhn.redhat.com, lists.centos.org, lists.centos.org
Related advisory: ALAS-2015-597
Dates: 2015-09-03; 2017-07-27 19:09; 2017-04-01 19:09; 2017-01-05 20:13

Description


An updated libXfont package that fixes three security issues is now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The libXfont package provides the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

An integer overflow flaw was found in the way libXfont processed certain
Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could
use this flaw to crash the X.Org server or, potentially, execute arbitrary
code with the privileges of the X.Org server. (CVE-2015-1802)

An integer truncation flaw was discovered in the way libXfont processed
certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local
user could use this flaw to crash the X.Org server or, potentially, execute
arbitrary code with the privileges of the X.Org server. (CVE-2015-1804)

A NULL pointer dereference flaw was discovered in the way libXfont
processed certain Glyph Bitmap Distribution Format (BDF) fonts.
A malicious, local user could use this flaw to crash the X.Org server.
(CVE-2015-1803)

All libXfont users are advised to upgrade to this updated package, which
contains backported patches to correct these issues. Because libXfont is a
shared library loaded into the running X.Org server (and into any font server
built on it), those processes keep the old code mapped until they are
restarted; the fix is not in effect until the X server has been restarted.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or you can let us figure it out for you: Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

Release  Package         Patched in
6        libXfont        libXfont-1.4.5-5.el6_7.i686.rpm
6        libXfont        libXfont-1.4.5-5.el6_7.src.rpm
6        libXfont        libXfont-1.4.5-5.el6_7.x86_64.rpm
6        libXfont-devel  libXfont-devel-1.4.5-5.el6_7.i686.rpm
6        libXfont-devel  libXfont-devel-1.4.5-5.el6_7.x86_64.rpm
7        libXfont        libXfont-1.4.7-3.el7_1.x86_64.rpm
7        libXfont        libXfont-1.4.7-3.el7_1.i686.rpm
7        libXfont        libXfont-1.4.7-3.el7_1.src.rpm
7        libXfont-devel  libXfont-devel-1.4.7-3.el7_1.i686.rpm
7        libXfont-devel  libXfont-devel-1.4.7-3.el7_1.x86_64.rpm
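The table above is only useful if the comparison against it is done with RPM's own ordering rules (a plain string compare gets "1.4.10" versus "1.4.5" wrong, and treats "5.el6" and "5.el6_7" as unrelated). The following is an added example, not Appcanary's, Red Hat's or the libXfont project's code: it reimplements rpm's label comparison (the rpmvercmp algorithm, including the "~" and "^" rules) in Python, splits plain `rpm -qa` output into name, version, release and arch, infers the EL major release from the dist tag in the release field, and reports every libXfont or libXfont-devel package older than the patched build in the table. Assumptions: the input is `rpm -qa` output without an epoch field (epoch is taken as 0), the sample lines are constructed for this example rather than captured from a real host, and the function names (`rpmvercmp`, `parse_nevra`, `check_installed`) are this example's own.

```python
import re

# Patched (version, release) per EL major release and package, from the
# "Affected package information" table on this page.
PATCHED = {
    (6, "libXfont"):       ("1.4.5", "5.el6_7"),
    (6, "libXfont-devel"): ("1.4.5", "5.el6_7"),
    (7, "libXfont"):       ("1.4.7", "3.el7_1"),
    (7, "libXfont-devel"): ("1.4.7", "3.el7_1"),
}


def rpmvercmp(a, b):
    """Reimplementation of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything that is not alphanumeric, '~' or '^') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta = a[i] if i < len(a) else ""
        tb = b[j] if j < len(b) else ""
        # '~' sorts before anything, even the end of the string (1.0~rc1 < 1.0).
        if ta == "~" or tb == "~":
            if ta != "~":
                return 1
            if tb != "~":
                return -1
            i += 1
            j += 1
            continue
        # '^' sorts after the end of the string but before any other segment.
        if ta == "^" or tb == "^":
            if not ta:
                return -1
            if not tb:
                return 1
            if ta != "^":
                return 1
            if tb != "^":
                return -1
            i += 1
            j += 1
            continue
        if not ta or not tb:
            break
        # Take the next run of digits (or letters) from both sides; the type of
        # the segment is decided by the left-hand side.
        if ta.isdigit():
            isnum = True
            ma, mb = re.match(r"[0-9]+", a[i:]), re.match(r"[0-9]*", b[j:])
        else:
            isnum = False
            ma, mb = re.match(r"[a-zA-Z]+", a[i:]), re.match(r"[a-zA-Z]*", b[j:])
        sa, sb = ma.group(0), mb.group(0)
        i += len(sa)
        j += len(sb)
        if not sb:
            # Segment types differ: a numeric segment is newer than an alphabetic one.
            return 1 if isnum else -1
        if isnum:
            # Numeric segments compare by value: strip leading zeros, longer wins.
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    # Whichever side still has characters left is the newer one.
    return -1 if i >= len(a) else 1


def parse_nevra(line):
    """Split a plain `rpm -qa` line (name-version-release.arch, no epoch) into its parts."""
    stem, arch = line.rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def evr_cmp(v1, r1, v2, r2):
    """Order two (version, release) pairs the way rpm does; epoch assumed 0 on both."""
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def check_installed(rpm_qa_lines):
    """Return the installed NEVRAs that are older than the patched build for their EL release."""
    vulnerable = []
    for raw in rpm_qa_lines:
        line = raw.strip()
        if not line:
            continue
        name, version, release, arch = parse_nevra(line)
        m = re.search(r"\.el(\d+)", release)     # dist tag, e.g. "4.el6" -> 6
        if not m or (int(m.group(1)), name) not in PATCHED:
            continue                             # not a package this advisory covers
        patched_v, patched_r = PATCHED[(int(m.group(1)), name)]
        if evr_cmp(version, release, patched_v, patched_r) < 0:
            vulnerable.append(line)
    return vulnerable


# Constructed sample of `rpm -qa 'libXfont*'` output for this example (not from a real host).
SAMPLE_RPM_QA = """\
libXfont-1.4.5-4.el6.x86_64
libXfont-devel-1.4.5-5.el6_7.x86_64
libXfont-1.4.7-2.el7.x86_64
libXfont-devel-1.4.7-2.el7.x86_64
libXfont-1.4.7-3.el7_1.i686
libXfont-1.4.7-3.el7_1.x86_64
""".splitlines()

if __name__ == "__main__":
    for pkg in check_installed(SAMPLE_RPM_QA):
        print("VULNERABLE:", pkg)
```

On a real host, feed it `rpm -qa 'libXfont*'` instead of the sample list. Note that a package version at or above the patched build only means the fixed library is on disk; a still-running X server that was started before the update is still executing the old code until it is restarted.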