Executive Summary

Summary
Title libXfont: Multiple vulnerabilities
Informations
Name GLSA-201402-23 First vendor Publication 2014-02-21
Vendor Gentoo Last vendor Modification 2014-02-21
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation.

Background

libXfont is an X11 font rasterisation library.

Description

Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could use a specially crafted file to gain privileges or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libXfont users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.4.7 "

References

[ 1 ] CVE-2011-2895 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2895
[ 2 ] CVE-2013-6462 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6462

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201402-23.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201402-23.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14612
 
Oval ID: oval:org.mitre.oval:def:14612
Title: USN-1191-1 -- libXfont vulnerability
Description: libxfont: X11 font rasterisation library libXfont could be made to run programs as an administrator if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1191-1
CVE-2011-2895
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14918
 
Oval ID: oval:org.mitre.oval:def:14918
Title: DSA-2293-1 libxfont -- buffer overflow
Description: Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files.
Family: unix Class: patch
Reference(s): DSA-2293-1
CVE-2011-2895
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): libxfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21257
 
Oval ID: oval:org.mitre.oval:def:21257
Title: DSA-2838-1 libxfont - buffer overflow
Description: It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2838-1
CVE-2013-6462
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21406
 
Oval ID: oval:org.mitre.oval:def:21406
Title: USN-2078-1 -- libxfont vulnerability
Description: libXfont could be made to crash or run programs as an administrator if it opened a specially crafted font file.
Family: unix Class: patch
Reference(s): USN-2078-1
CVE-2013-6462
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libxfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21902
 
Oval ID: oval:org.mitre.oval:def:21902
Title: RHSA-2014:0018: libXfont security update (Important)
Description: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
Family: unix Class: patch
Reference(s): RHSA-2014:0018-00
CESA-2014:0018
CVE-2013-6462
Version: 6
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22062
 
Oval ID: oval:org.mitre.oval:def:22062
Title: RHSA-2011:1154: libXfont security update (Important)
Description: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Family: unix Class: patch
Reference(s): RHSA-2011:1154-01
CESA-2011:1154
CVE-2011-2895
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23366
 
Oval ID: oval:org.mitre.oval:def:23366
Title: DEPRECATED: ELSA-2011:1154: libXfont security update (Important)
Description: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Family: unix Class: patch
Reference(s): ELSA-2011:1154-01
CVE-2011-2895
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23404
 
Oval ID: oval:org.mitre.oval:def:23404
Title: ELSA-2011:1154: libXfont security update (Important)
Description: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Family: unix Class: patch
Reference(s): ELSA-2011:1154-01
CVE-2011-2895
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23621
 
Oval ID: oval:org.mitre.oval:def:23621
Title: DEPRECATED: ELSA-2014:0018: libXfont security update (Important)
Description: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
Family: unix Class: patch
Reference(s): ELSA-2014:0018-00
CVE-2013-6462
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24123
 
Oval ID: oval:org.mitre.oval:def:24123
Title: ELSA-2014:0018: libXfont security update (Important)
Description: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
Family: unix Class: patch
Reference(s): ELSA-2014:0018-00
CVE-2013-6462
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25384
 
Oval ID: oval:org.mitre.oval:def:25384
Title: SUSE-SU-2014:0219-1 -- Security update for xorg-x11
Description: This update fixes a stack buffer overflow in xorg-x11 in the bdfReadCharacters() function. CVE-2013-6462 has been assigned to this issue. Security Issue reference: * CVE-2013-6462 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462 >
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0219-1
CVE-2013-6462
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27335
 
Oval ID: oval:org.mitre.oval:def:27335
Title: DEPRECATED: ELSA-2014-0018 -- libxfont security update (important)
Description: [1.4.5-3] - cve-2013-6462.patch: sscanf overflow (bug 1049684) - sscanf-hardening.patch: Some other sscanf hardening fixes (1049684)
Family: unix Class: patch
Reference(s): ELSA-2014-0018
CVE-2013-6462
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28127
 
Oval ID: oval:org.mitre.oval:def:28127
Title: DEPRECATED: ELSA-2011-1154 -- libXfont security update (important)
Description: [1.4.1-2] - cve-2011-2895.patch: LZW decompression heap corruption
Family: unix Class: patch
Reference(s): ELSA-2011-1154
CVE-2011-2895
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 24
Os 1
Os 1
Os 21

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for freetype CESA-2011:1161 centos4 x86_64
File : nvt/gb_CESA-2011_1161_freetype_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 x86_64
File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for libXfont CESA-2011:1154 centos5 x86_64
File : nvt/gb_CESA-2011_1154_libXfont_centos5_x86_64.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-02-12 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD14.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-11-08 Name : Mandriva Update for gimp MDVSA-2011:167 (gimp)
File : nvt/gb_mandriva_MDVSA_2011_167.nasl
2011-10-21 Name : Mandriva Update for libxfont MDVSA-2011:153 (libxfont)
File : nvt/gb_mandriva_MDVSA_2011_153.nasl
2011-10-16 Name : FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc)
File : nvt/freebsdsa_compress.nasl
2011-10-14 Name : Mandriva Update for cups MDVSA-2011:146 (cups)
File : nvt/gb_mandriva_MDVSA_2011_146.nasl
2011-09-23 Name : CentOS Update for libXfont CESA-2011:1154 centos5 i386
File : nvt/gb_CESA-2011_1154_libXfont_centos5_i386.nasl
2011-09-21 Name : FreeBSD Ports: libXfont
File : nvt/freebsd_libXfont.nasl
2011-09-21 Name : Debian Security Advisory DSA 2293-1 (libxfont)
File : nvt/deb_2293_1.nasl
2011-08-19 Name : CentOS Update for freetype CESA-2011:1161 centos4 i386
File : nvt/gb_CESA-2011_1161_freetype_centos4_i386.nasl
2011-08-18 Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 i386
File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_i386.nasl
2011-08-18 Name : RedHat Update for freetype RHSA-2011:1161-01
File : nvt/gb_RHSA-2011_1161-01_freetype.nasl
2011-08-18 Name : Ubuntu Update for libxfont USN-1191-1
File : nvt/gb_ubuntu_USN_1191_1.nasl
2011-08-12 Name : RedHat Update for libXfont RHSA-2011:1154-01
File : nvt/gb_RHSA-2011_1154-01_libXfont.nasl
2011-08-12 Name : RedHat Update for xorg-x11 RHSA-2011:1155-01
File : nvt/gb_RHSA-2011_1155-01_xorg-x11.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74927 X.Org libXfont src/fontfile/decompress.c BufCompressedFill() Function LZW Dec...

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-04-17 IAVM : 2014-A-0058 - Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity : Category I - VMSKEY : V0049579

Nessus® Vulnerability Scanner

Date Description
2016-10-13 Name : The remote device is affected by multiple vulnerabilities.
File : appletv_9_1.nasl - Type : ACT_GATHER_INFO
2015-12-11 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-008.nasl - Type : ACT_GATHER_INFO
2015-12-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_11_2.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3964.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3948.nasl - Type : ACT_GATHER_INFO
2015-03-23 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3953.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_xorg_20140326.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0080.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libpciaccess0-110905.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libpciaccess0-110905.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-45.nasl - Type : ACT_GATHER_INFO
2014-04-17 Name : The remote host has a version of Oracle Secure Global Desktop that is affecte...
File : oracle_secure_global_desktop_apr_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-02-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201402-23.nasl - Type : ACT_GATHER_INFO
2014-02-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-devel-140108.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-282.nasl - Type : ACT_GATHER_INFO
2014-01-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-0467.nasl - Type : ACT_GATHER_INFO
2014-01-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-013.nasl - Type : ACT_GATHER_INFO
2014-01-14 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-013-01.nasl - Type : ACT_GATHER_INFO
2014-01-13 Name : The remote Fedora host is missing a security update.
File : fedora_2014-0443.nasl - Type : ACT_GATHER_INFO
2014-01-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0018.nasl - Type : ACT_GATHER_INFO
2014-01-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0018.nasl - Type : ACT_GATHER_INFO
2014-01-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0018.nasl - Type : ACT_GATHER_INFO
2014-01-12 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140110_libXfont_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-01-09 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_28c575fa784e11e38249001cc0380077.nasl - Type : ACT_GATHER_INFO
2014-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2838.nasl - Type : ACT_GATHER_INFO
2014-01-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2078-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1154.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1155.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1161.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1834.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110815_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110811_xorg_x11_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110811_libXfont_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-05-10 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_fee94342463811e19f4700e0815b8da8.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7872.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xorg-x11-7759.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpciaccess0-110905.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-167.nasl - Type : ACT_GATHER_INFO
2011-10-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-153.nasl - Type : ACT_GATHER_INFO
2011-10-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-146.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1154.nasl - Type : ACT_GATHER_INFO
2011-08-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1161.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1191-1.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1161.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2293.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1155.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_304409c3c3ef11e08aa5485d60cb5385.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1155.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1154.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-23 13:21:09
  • Multiple Updates
2014-02-21 17:18:40
  • First insertion