Oval Definition:oval:com.redhat.rhsa:def:20151708
Revision Date:2015-09-03Version:636
Title:RHSA-2015:1708: libXfont security update (Important)
Description:The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System.

  • An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802)

  • An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804)

  • A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803)

    All libXfont users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2015-1802
    CVE-2015-1803
    CVE-2015-1804
    RHSA-2015:1708
    RHSA-2015:1708-00
    RHSA-2015:1708-01
    Platform(s):Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libXfont is earlier than 0:1.4.5-5.el6_7
  • AND libXfont is signed with Red Hat redhatrelease2 key
  • libXfont-devel is earlier than 0:1.4.5-5.el6_7
  • AND libXfont-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • libXfont is earlier than 0:1.4.7-3.el7_1
  • AND libXfont is signed with Red Hat redhatrelease2 key
  • libXfont-devel is earlier than 0:1.4.7-3.el7_1
  • AND libXfont-devel is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • libXfont is earlier than 0:1.4.5-5.el6_7
  • AND libXfont is signed with Red Hat redhatrelease2 key
  • libXfont-devel is earlier than 0:1.4.5-5.el6_7
  • AND libXfont-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND
  • libXfont is earlier than 0:1.4.7-3.el7_1
  • AND libXfont is signed with Red Hat redhatrelease2 key
  • libXfont-devel is earlier than 0:1.4.7-3.el7_1
  • AND libXfont-devel is signed with Red Hat redhatrelease2 key
    • BACK