Sigurnosni nedostatak programskog paketa libxfont

Preporuke

by ncert - 8. siječnja 2014.8. siječnja 2014.0

Detalji os-a: WN7
Važnost: IMP
Operativni sustavi: L
Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2078-1
January 07, 2014

libxfont vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 13.04
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

libXfont could be made to crash or run programs as an administrator if it
opened a specially crafted font file.

Software Description:
– libxfont: X11 font rasterisation library

Details:

It was discovered that libXfont incorrectly handled certain malformed BDF
fonts. An attacker could use a specially crafted font file to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. The default compiler options for affected releases should
reduce the vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libxfont1 1:1.4.6-1ubuntu0.1

Ubuntu 13.04:
libxfont1 1:1.4.5-2ubuntu0.13.04.1

Ubuntu 12.10:
libxfont1 1:1.4.5-2ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libxfont1 1:1.4.4-1ubuntu0.1

Ubuntu 10.04 LTS:
libxfont1 1:1.4.1-1ubuntu0.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2078-1
CVE-2013-6462

Package Information:
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJSzEz0AAoJEGVp2FWnRL6TNtMP/AkNG7/4R+hntyLKXuLpQMfu
wloldok1XDdpVHUq541J06Hz380IIT6kb1VmtkIpSG25BJtcUzfzPJdIXls0piPz
y9G//a/OlH9dTHWb/cIb45UlaPJhGyJ/Q3w0ckS7bxulKpvDvOVeAkL1DyH5yEJn
PJx+7MtCysBvwFXr1EIQymbCNYAghCwaMGFsTH/W1w+8qianFZyIXdflHQIhBq7X
XDu2fXF31k8jynm1rZ4dzYtD4VC79ETtXJAQOG6p0SXKdfGpdov/eE+21/lK42uD
0Eu+n6ahY4kPyutLR1erl3wf6h3sxlrMtj42ixxKDOw6MML3BfssaUgXlxjILRu1
dBlBVBolZqnNFyGLfgG/p1o0hH6kbm5CK9Q2rQAVf0J76U2bab3+IvPiWQuRCQ2f
zVGRCnpBfQD11Lef+SERWW1FJnTQfZbz3DjJF3uBulFVFaQY4miKfKcSubhOTBSj
Xf4dZzCikT1otkoGLJxCLC4amDdVqzqIQtwC0BRVyzN7MG6j0nczkvSj7t9YuX34
Pg/ZM/DpItthYEgZH75u6fFo9N4ATH59omFrwYbXb5Gc4tnOS93eFd9SPQWW6BM+
GJZlTvRona+Bm5LVuiHFGMUQIVma1NfmEKLjBC2Os6THrZL36VRdg0xf74DcJVF5
SgK9Juf1VmbiwaVn+6lv
=ktrb
—–END PGP SIGNATURE—–
—

Autor	Marijo Plepelic
Cert id	NCERT-REF-2014-01-0004-ADV
Cve	CERT-CVE-DUMMY
ID izvornika	CERT-ORIGID-DUMMY
Proizvod	CERT-DUMMY-PRODUCT
Izvor	http://www.adobe.com/

Sigurnosni nedostatak programskog paketa libxfont

Archives

More in Preporuke

Ranjivost programskog paketa ruby193-ruby