Path to this page:
Subject: CVS commit: pkgsrc/emulators/suse131_x11
From: OBATA Akio
Date: 2014-05-23 15:18:56
Message id: 20140523131856.C0A7896@cvs.netbsd.org
Log Message:
Apply openSUSE Security Update: openSUSE-SU-2014:0711-1
libXfont: Fixed multiple vulnerabilities
An update that fixes three vulnerabilities is now available.
Description:
libxfont was updated to fix multiple vulnerabilities:
- Integer overflow of allocations in font metadata file parsing
(CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies
(CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies
(CVE-2014-0211).
These vulnerabilities could be used by a local, authenticated user to
raise privileges
or by a remote attacker with control of the font server to execute code
with the privileges of the X server.
Files: