CentOS Local Security Checks : CentOS Update for libXfont CESA-2014:0018 centos5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881860

Categoría: CentOS Local Security Checks

Título: CentOS Update for libXfont CESA-2014:0018 centos5

Resumen: The remote host is missing an update for the 'libXfont'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libXfont'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

A stack-based buffer overflow flaw was found in the way the libXfont
library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious,
local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server. (CVE-2013-6462)

Users of libXfont should upgrade to these updated packages, which contain
a backported patch to resolve this issue. All running X.Org server
instances must be restarted for the update to take effect.

Affected Software/OS:
libXfont on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-6462
BugTraq ID: 64694
http://www.securityfocus.com/bid/64694
Debian Security Information: DSA-2838 (Google Search)
http://www.debian.org/security/2014/dsa-2838
http://seclists.org/oss-sec/2014/q1/33
http://lists.x.org/archives/xorg-announce/2014-January/002389.html
http://osvdb.org/101842
RedHat Security Advisories: RHSA-2014:0018
http://rhn.redhat.com/errata/RHSA-2014-0018.html
http://secunia.com/advisories/56240
http://secunia.com/advisories/56336
http://secunia.com/advisories/56357
http://secunia.com/advisories/56371
SuSE Security Announcement: openSUSE-SU-2014:0073 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html
SuSE Security Announcement: openSUSE-SU-2014:0075 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html
http://www.ubuntu.com/usn/USN-2078-1
XForce ISS Database: libxfont-cve20136462-bo(90123)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90123

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881860
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libXfont CESA-2014:0018 centos5
Resumen:	The remote host is missing an update for the 'libXfont'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libXfont' package(s) announced via the referenced advisory. Vulnerability Insight: The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462) Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. Affected Software/OS: libXfont on CentOS 5 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6462 BugTraq ID: 64694 http://www.securityfocus.com/bid/64694 Debian Security Information: DSA-2838 (Google Search) http://www.debian.org/security/2014/dsa-2838 http://seclists.org/oss-sec/2014/q1/33 http://lists.x.org/archives/xorg-announce/2014-January/002389.html http://osvdb.org/101842 RedHat Security Advisories: RHSA-2014:0018 http://rhn.redhat.com/errata/RHSA-2014-0018.html http://secunia.com/advisories/56240 http://secunia.com/advisories/56336 http://secunia.com/advisories/56357 http://secunia.com/advisories/56371 SuSE Security Announcement: openSUSE-SU-2014:0073 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html SuSE Security Announcement: openSUSE-SU-2014:0075 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html http://www.ubuntu.com/usn/USN-2078-1 XForce ISS Database: libxfont-cve20136462-bo(90123) https://exchange.xforce.ibmcloud.com/vulnerabilities/90123
Copyright	Copyright (C) 2014 Greenbone AG