Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871447
Category:Red Hat Local Security Checks
Title:RedHat Update for libXfont RHSA-2015:1708-01
Summary:The remote host is missing an update for the 'libXfont'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'libXfont'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libXfont package provides the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

An integer overflow flaw was found in the way libXfont processed certain
Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could
use this flaw to crash the X.Org server or, potentially, execute arbitrary
code with the privileges of the X.Org server. (CVE-2015-1802)

An integer truncation flaw was discovered in the way libXfont processed
certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local
user could use this flaw to crash the X.Org server or, potentially, execute
arbitrary code with the privileges of the X.Org server. (CVE-2015-1804)

A NULL pointer dereference flaw was discovered in the way libXfont
processed certain Glyph Bitmap Distribution Format (BDF) fonts.
A malicious, local user could use this flaw to crash the X.Org server.
(CVE-2015-1803)

All libXfont users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

Affected Software/OS:
libXfont on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1802
BugTraq ID: 73277
http://www.securityfocus.com/bid/73277
Debian Security Information: DSA-3194 (Google Search)
http://www.debian.org/security/2015/dsa-3194
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
https://security.gentoo.org/glsa/201507-21
http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/
RedHat Security Advisories: RHSA-2015:1708
http://rhn.redhat.com/errata/RHSA-2015-1708.html
http://www.securitytracker.com/id/1031935
SuSE Security Announcement: SUSE-SU-2015:0674 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
SuSE Security Announcement: SUSE-SU-2015:0702 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:0614 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
http://www.ubuntu.com/usn/USN-2536-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1803
BugTraq ID: 73280
http://www.securityfocus.com/bid/73280
Common Vulnerability Exposure (CVE) ID: CVE-2015-1804
BugTraq ID: 73279
http://www.securityfocus.com/bid/73279
SuSE Security Announcement: openSUSE-SU-2015:2300 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.