diff options
| author | kwm <kwm@FreeBSD.org> | 2015-03-18 17:07:05 +0800 |
|---|---|---|
| committer | kwm <kwm@FreeBSD.org> | 2015-03-18 17:07:05 +0800 |
| commit | 73e0f3882a8e19484cd9ebee1576b960bc0264cf (patch) | |
| tree | ea09cbda367330d930dfba4cce936a75a2503403 /security/vuxml | |
| parent | 29f7f9d95078c542fa1a52a3043f793a9ddf8ca1 (diff) | |
| download | freebsd-ports-gnome-73e0f3882a8e19484cd9ebee1576b960bc0264cf.tar.gz freebsd-ports-gnome-73e0f3882a8e19484cd9ebee1576b960bc0264cf.tar.zst freebsd-ports-gnome-73e0f3882a8e19484cd9ebee1576b960bc0264cf.zip | |
Record new libXfont security issues.
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f1c69be96f1f..2e24ca33314f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,49 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f7d79fac-cd49-11e4-898f-bcaec565249c"> + <topic>libXfont -- BDF parsing issues</topic> + <affects> + <package> + <name>libXfont</name> + <range><lt>1.5.1</lt></range> + </package> + <package> + <name>libXfont</name> + <range><ge>1.4.99</ge><lt>1.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Alan Coopersmith reports:</p> + <blockquote cite="http://lists.x.org/archives/xorg-announce/2015-March/002550.html"> + <p>Ilja van Sprundel, a security researcher with IOActive, has + discovered an issue in the parsing of BDF font files by libXfont. + Additional testing by Alan Coopersmith and William Robinet with + the American Fuzzy Lop (afl) tool uncovered two more issues in + the parsing of BDF font files.</p> + + <p>As libXfont is used by the X server to read font files, and an + unprivileged user with access to the X server can tell the X + server to read a given font file from a path of their choosing, + these vulnerabilities have the potential to allow unprivileged + users to run code with the privileges of the X server + (often root access).</p> + </blockquote> + </body> + </description> + <references> + <url>http://lists.x.org/archives/xorg-announce/2015-March/002550.html</url> + <cvename>CVE-2015-1802</cvename> + <cvename>CVE-2015-1803</cvename> + <cvename>CVE-2015-1804</cvename> + </references> + <dates> + <discovery>2015-03-17</discovery> + <entry>2015-03-18</entry> + </dates> + </vuln> + <vuln vid="8b3ecff5-c9b2-11e4-b71f-00bd5af88c00"> <topic>Adobe Flash Player -- critical vulnerabilities</topic> <affects> |