author | zeising <zeising@FreeBSD.org> | 2014-01-08 18:42:04 +0800 |
---|---|---|
committer | zeising <zeising@FreeBSD.org> | 2014-01-08 18:42:04 +0800 |
commit | 4c5a0efb817c9ea2e12761696c47ceeab39a54c4 (patch) | |
tree | 623bc4d80a1204ec8883718342a8679de36527b3 /security | |
parent | c9e9072e006e0c6f5512c56e16c3cce34b6e6fd1 (diff) | |
Update libXfont to 1.4.7
This is a security fix and it is important to update, since it might lead to
a privilege escalation if the X server is run as root (which is the default)
Security: CVE-2013-6462
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 109d6b87988b..83143a44a33f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,40 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="28c575fa-784e-11e3-8249-001cc0380077"> + <topic>libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont</topic> + <affects> + <package> + <name>libXfont</name> + <range><lt>1.4.7,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>freedesktop.org reports:</p> + <blockquote cite="http://lists.x.org/archives/xorg-announce/2014-January/002389.html"> + <p>A BDF font file containing a longer than expected string can cause + a buffer overflow on the stack. Testing in X servers built with + Stack Protector restulted in an immediate crash when reading a + user-proveded specially crafted font.</p> + <p>As libXfont is used to read user-specified font files in all X + servers distributed by X.Org, including the Xorg server which is + often run with root privileges or as setuid-root in order to access + hardware, this bug may lead to an unprivileged user acquiring root + privileges in some systems.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-6462</cvename> + <url>http://lists.x.org/archives/xorg-announce/2014-January/002389.html</url> + </references> + <dates> + <discovery>2013-12-24</discovery> + <entry>2014-01-08</entry> + </dates> + </vuln> + <vuln vid="5aaa257e-772d-11e3-a65a-3c970e169bc2"> <topic>openssl -- multiple vulnerabilities</topic> <affects> |
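Review bot: the text inside the new `<blockquote>` contains two misspellings, "restulted" and "user-proveded", in the first `<p>`. Because that paragraph is presented as a quotation of the xorg-announce post named in the `cite` attribute, it should be checked against that post and corrected to "resulted" and "user-provided" so the entry quotes its source accurately. Two smaller points on the same entry: the `<topic>` names the package twice ("libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont"), and the trailing "in libXfont" can be dropped; and the affected range `<lt>1.4.7,1</lt>` carries an epoch of 1, which should be confirmed against the port's PORTEPOCH, since the port update itself is outside this view limited to 'security'. A range with the wrong epoch would leave installed vulnerable versions unflagged by the audit tooling or flag the fixed version.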