From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200609-07.xml | 74 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 metadata/glsa/glsa-200609-07.xml (limited to 'metadata/glsa/glsa-200609-07.xml') diff --git a/metadata/glsa/glsa-200609-07.xml b/metadata/glsa/glsa-200609-07.xml new file mode 100644 index 000000000000..ecaa11fb4e76 --- /dev/null +++ b/metadata/glsa/glsa-200609-07.xml @@ -0,0 +1,74 @@ + + + + LibXfont, monolithic X.org: Multiple integer overflows + + Some buffer overflows were discovered in the CID font parser, potentially + resulting in the execution of arbitrary code with elevated privileges. + + libxfont + 2006-09-13 + 2006-09-13: 01 + 145513 + local and remote + + + 1.2.1 + 1.2.1 + + + 7.0 + 7.0 + + + +

+ libXfont is the X.Org Xfont library, some parts are based on the + FreeType code base. +

+ + +

+ Several integer overflows have been found in the CID font parser. +

+ + +

+ A remote attacker could exploit this vulnerability by enticing a user + to load a malicious font file resulting in the execution of arbitrary + code with the permissions of the user running the X server which + typically is the root user. A local user could exploit this + vulnerability to gain elevated privileges. +

+ + +

+ Disable CID-encoded Type 1 fonts by removing the "type1" module and + replacing it with the "freetype" module in xorg.conf. +

+ + +

+ All libXfont users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1" +

+ All monolithic X.org users are advised to migrate to modular X.org. +

+ + + CVE-2006-3739 + CVE-2006-3740 + + + frilled + + + jaervosz + + + jaervosz + + -- cgit v1.2.3