Oval Definition:oval:org.opensuse.security:def:55494
Revision Date:2020-12-01Version:1
Title:Security update for libXfont (Important)
Description:



LibXFont was updated to fix security problems.

Following security issues were fixed: - CVE-2015-1802: The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes.

- CVE-2015-1803: If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer.

- CVE-2015-1804: The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.
Family:unixClass:patch
Status:Reference(s):1000396
1001299
1001759
1013721
1013732
1017902
1049483
1052311
1052368
1061599
1107116
1107121
1111331
1114674
1117951
1135273
1137001
792444
898812
898884
914463
918995
918998
919341
919464
921978
922705
922706
CVE-2009-0793
CVE-2012-5611
CVE-2012-5612
CVE-2012-5613
CVE-2012-5615
CVE-2013-4276
CVE-2013-6473
CVE-2013-6474
CVE-2013-6475
CVE-2013-6476
CVE-2014-2707
CVE-2014-4336
CVE-2014-4337
CVE-2014-4338
CVE-2014-6277
CVE-2014-6278
CVE-2015-0311
CVE-2015-1802
CVE-2015-1803
CVE-2015-1804
CVE-2015-2044
CVE-2015-2045
CVE-2015-2151
CVE-2015-2265
CVE-2015-2756
CVE-2015-3258
CVE-2015-3279
CVE-2016-0634
CVE-2016-0753
CVE-2016-10109
CVE-2016-7543
CVE-2016-9800
CVE-2016-9801
CVE-2017-1000112
CVE-2017-7533
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-16428
CVE-2018-16429
CVE-2018-18311
CVE-2019-11091
CVE-2019-12450
SUSE-SU-2015:0702-1
SUSE-SU-2015:0747-1
SUSE-SU-2016:2872-1
SUSE-SU-2017:0286-1
SUSE-SU-2017:2042-1
SUSE-SU-2017:2424-1
SUSE-SU-2018:4188-1
SUSE-SU-2019:0512-1
SUSE-SU-2019:1347-1
SUSE-SU-2019:1722-1
SUSE-SU-2019:2264-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • bash-4.4-lp150.7 is installed
  • OR bash-doc-4.4-lp150.7 is installed
  • OR bash-lang-4.4-lp150.7 is installed
  • OR libreadline7-7.0-lp150.7 is installed
  • OR readline-doc-7.0-lp150.7 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • bluez-5.48-lp151.8.3 is installed
  • OR bluez-auto-enable-devices-5.48-lp151.8.3 is installed
  • OR bluez-cups-5.48-lp151.8.3 is installed
  • OR bluez-devel-5.48-lp151.8.3 is installed
  • OR bluez-devel-32bit-5.48-lp151.8.3 is installed
  • OR bluez-test-5.48-lp151.8.3 is installed
  • OR libbluetooth3-5.48-lp151.8.3 is installed
  • OR libbluetooth3-32bit-5.48-lp151.8.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • libmysqlclient15-5.0.96-0.6 is installed
  • OR libmysqlclient15-32bit-5.0.96-0.6 is installed
  • OR libmysqlclient_r15-5.0.96-0.6 is installed
  • OR libmysqlclient_r15-32bit-5.0.96-0.6 is installed
  • OR mysql-5.0.96-0.6 is installed
  • OR mysql-client-5.0.96-0.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • xen-4.2.5_04-0.9 is installed
  • OR xen-doc-html-4.2.5_04-0.9 is installed
  • OR xen-doc-pdf-4.2.5_04-0.9 is installed
  • OR xen-kmp-default-4.2.5_04_3.0.101_0.47.52-0.9 is installed
  • OR xen-kmp-pae-4.2.5_04_3.0.101_0.47.52-0.9 is installed
  • OR xen-libs-4.2.5_04-0.9 is installed
  • OR xen-libs-32bit-4.2.5_04-0.9 is installed
  • OR xen-tools-4.2.5_04-0.9 is installed
  • OR xen-tools-domU-4.2.5_04-0.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • libXfont-1.4.7-4 is installed
  • OR libXfont1-1.4.7-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • glib2-2.48.2-12.12 is installed
  • OR glib2-lang-2.48.2-12.12 is installed
  • OR glib2-tools-2.48.2-12.12 is installed
  • OR libgio-2_0-0-2.48.2-12.12 is installed
  • OR libgio-2_0-0-32bit-2.48.2-12.12 is installed
  • OR libgio-fam-2.48.2-12.12 is installed
  • OR libglib-2_0-0-2.48.2-12.12 is installed
  • OR libglib-2_0-0-32bit-2.48.2-12.12 is installed
  • OR libgmodule-2_0-0-2.48.2-12.12 is installed
  • OR libgmodule-2_0-0-32bit-2.48.2-12.12 is installed
  • OR libgobject-2_0-0-2.48.2-12.12 is installed
  • OR libgobject-2_0-0-32bit-2.48.2-12.12 is installed
  • OR libgthread-2_0-0-2.48.2-12.12 is installed
  • OR libgthread-2_0-0-32bit-2.48.2-12.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • bluez-5.13-5.7 is installed
  • OR bluez-cups-5.13-5.7 is installed
  • OR libbluetooth3-5.13-5.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • cups-filters-1.0.58-8 is installed
  • OR cups-filters-cups-browsed-1.0.58-8 is installed
  • OR cups-filters-foomatic-rip-1.0.58-8 is installed
  • OR cups-filters-ghostscript-1.0.58-8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kernel-default-3.12.74-60.64.51 is installed
  • OR kernel-default-base-3.12.74-60.64.51 is installed
  • OR kernel-default-devel-3.12.74-60.64.51 is installed
  • OR kernel-default-man-3.12.74-60.64.51 is installed
  • OR kernel-devel-3.12.74-60.64.51 is installed
  • OR kernel-macros-3.12.74-60.64.51 is installed
  • OR kernel-source-3.12.74-60.64.51 is installed
  • OR kernel-syms-3.12.74-60.64.51 is installed
  • OR kernel-xen-3.12.74-60.64.51 is installed
  • OR kernel-xen-base-3.12.74-60.64.51 is installed
  • OR kernel-xen-devel-3.12.74-60.64.51 is installed
  • OR kgraft-patch-3_12_74-60_64_51-default-1-2 is installed
  • OR kgraft-patch-3_12_74-60_64_51-xen-1-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_18-1-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gpg2-2.0.24-3 is installed
  • OR gpg2-lang-2.0.24-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • bash-4.3-83.23 is installed
  • OR bash-doc-4.3-83.23 is installed
  • OR libreadline6-6.3-83.23 is installed
  • OR libreadline6-32bit-6.3-83.23 is installed
  • OR readline-doc-6.3-83.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND ucode-intel-20180425-13.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • giflib-progs-5.0.5-12 is installed
  • OR libgif6-5.0.5-12 is installed
  • OR libgif6-32bit-5.0.5-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libpython3_4m1_0-3.4.6-25.29 is installed
  • OR python3-3.4.6-25.29 is installed
  • OR python3-base-3.4.6-25.29 is installed
  • OR python3-curses-3.4.6-25.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • ghostscript-9.27-23.31 is installed
  • OR ghostscript-x11-9.27-23.31 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • ceph-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR librados2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR librbd1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR librgw2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-rados-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND apache2-mod_jk-1.2.40-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-activemodel-4_2-4.2.2-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • grafana-4.5.1-1.8 is installed
  • OR kafka-0.10.2.2-5 is installed
  • OR logstash-2.4.1-5 is installed
  • OR monasca-installer-20180608_12.47-9 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ucode-intel-20191112a-13.56 is installed
    • BACK