- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2211-1
May 14, 2014
libxfont vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in libXfont.
Software Description:
– libxfont: X11 font rasterisation library
Details:
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. (CVE-2014-0209)
Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted data
that could cause libXfont to crash, or possibly execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libxfont1 1:1.4.7-1ubuntu0.1
Ubuntu 13.10:
libxfont1 1:1.4.6-1ubuntu0.2
Ubuntu 12.10:
libxfont1 1:1.4.5-2ubuntu0.12.10.2
Ubuntu 12.04 LTS:
libxfont1 1:1.4.4-1ubuntu0.2
Ubuntu 10.04 LTS:
libxfont1 1:1.4.1-1ubuntu0.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2211-1
CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
Package Information:
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.6-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.4-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTc4FWAAoJEGVp2FWnRL6TNIEQAKYsZiuGQpSWEJcmwWkrCVql
CAhmNFcL7RkolBwcR9b5mp6trAc3Ix0jIAge0WYkC6sV3+JC1TgcPVKdB4blWUVf
i2n5cPwJcCtUv3mI/PfPrlAXJmIzwEJzzPtndaBKQYZKg87ApZ/Ey+UhiUBPE1Ly
VSf0My4cy/vZerF4bRXJ7EEun2sjEyoMcap7Cx3of89yGSMcAupD3ecC+gBfNbpN
oHQUCJzWj/X9ea+l5LKkUnXWq/Fnpm/JtdwfQd5u0LeWA81g2g2GLFpfMh7cOKXJ
7AzDuHlN9EJpLfgnUimNAgxtH5xqoAcxGnfcfEV0MO9MHyhIY74qTRd/CJTon/Sq
u4M4CLGTHTE/fz0vHWWv/2OxzNOzvTSpuhZyhhcH3qr4k85lEY/N5H9qm0Mpk/Ra
a+sAaxIsirdHWPSVc3ijBjaNjEcS0V9ctugqoeZgAyWkM+KNxDYXanbE26NxPl7q
DXJ1Q0tiahK1eRfAKWB6q9q1h/wY8dZ3UKZg3POg1Wraffh1zP2sNBhham0eq3SB
ePKoCutNnzo2Sagg2px12S9w1yFi7v/YV+Q48LPsfKXHnhtJoEe2HU1Cyu3JPtau
7macLFsC1INgq5q+jKpo352TiKu3iE4IWmDpaeJy37hcPk1bQSAnREzXzTj4yWvc
4nX+Rp/pcszOVP9ZvA8w
=df2d
—–END PGP SIGNATURE—–
—
| Autor | Marijo Plepelic |
| Cert id | NCERT-REF-2014-05-0020-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
