Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0278)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0278

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0278)

Resumen: The remote host is missing an update for the 'libxfont' package(s) announced via the MGASA-2014-0278 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libxfont' package(s) announced via the MGASA-2014-0278 advisory.

Vulnerability Insight:
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges (CVE-2014-0209).

Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted
data that could cause libXfont to crash, or possibly execute arbitrary
code (CVE-2014-0210, CVE-2014-0211).

Affected Software/OS:
'libxfont' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0209
BugTraq ID: 67382
http://www.securityfocus.com/bid/67382
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2927 (Google Search)
http://www.debian.org/security/2014/dsa-2927
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
http://lists.x.org/archives/xorg-announce/2014-May/002431.html
RedHat Security Advisories: RHSA-2014:1893
http://rhn.redhat.com/errata/RHSA-2014-1893.html
http://secunia.com/advisories/59154
SuSE Security Announcement: openSUSE-SU-2014:0711 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
http://www.ubuntu.com/usn/USN-2211-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0210
Common Vulnerability Exposure (CVE) ID: CVE-2014-0211

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0278
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0278)
Resumen:	The remote host is missing an update for the 'libxfont' package(s) announced via the MGASA-2014-0278 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libxfont' package(s) announced via the MGASA-2014-0278 advisory. Vulnerability Insight: Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211). Affected Software/OS: 'libxfont' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0209 BugTraq ID: 67382 http://www.securityfocus.com/bid/67382 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Debian Security Information: DSA-2927 (Google Search) http://www.debian.org/security/2014/dsa-2927 http://seclists.org/fulldisclosure/2014/Dec/23 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://lists.x.org/archives/xorg-announce/2014-May/002431.html RedHat Security Advisories: RHSA-2014:1893 http://rhn.redhat.com/errata/RHSA-2014-1893.html http://secunia.com/advisories/59154 SuSE Security Announcement: openSUSE-SU-2014:0711 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://www.ubuntu.com/usn/USN-2211-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-0210 Common Vulnerability Exposure (CVE) ID: CVE-2014-0211
Copyright	Copyright (C) 2022 Greenbone AG