Sicherheit: Mehrere Probleme in libXfont

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5103073022634991334==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="5r2EwK44DlgB5GXDx8pvwFmBvh25So8kP"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--5r2EwK44DlgB5GXDx8pvwFmBvh25So8kP
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2211-1
May 14, 2014

libxfont vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in libXfont.

Software Description:
- libxfont: X11 font rasterisation library

Details:

Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. (CVE-2014-0209)

Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted data
that could cause libXfont to crash, or possibly execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libxfont1 1:1.4.7-1ubuntu0.1

Ubuntu 13.10:
libxfont1 1:1.4.6-1ubuntu0.2

Ubuntu 12.10:
libxfont1 1:1.4.5-2ubuntu0.12.10.2

Ubuntu 12.04 LTS:
libxfont1 1:1.4.4-1ubuntu0.2

Ubuntu 10.04 LTS:
libxfont1 1:1.4.1-1ubuntu0.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2211-1
CVE-2014-0209, CVE-2014-0210, CVE-2014-0211

Package Information:
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.6-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.4-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.3

--5r2EwK44DlgB5GXDx8pvwFmBvh25So8kP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTc4FWAAoJEGVp2FWnRL6TNIEQAKYsZiuGQpSWEJcmwWkrCVql
CAhmNFcL7RkolBwcR9b5mp6trAc3Ix0jIAge0WYkC6sV3+JC1TgcPVKdB4blWUVf
i2n5cPwJcCtUv3mI/PfPrlAXJmIzwEJzzPtndaBKQYZKg87ApZ/Ey+UhiUBPE1Ly
VSf0My4cy/vZerF4bRXJ7EEun2sjEyoMcap7Cx3of89yGSMcAupD3ecC+gBfNbpN
oHQUCJzWj/X9ea+l5LKkUnXWq/Fnpm/JtdwfQd5u0LeWA81g2g2GLFpfMh7cOKXJ
7AzDuHlN9EJpLfgnUimNAgxtH5xqoAcxGnfcfEV0MO9MHyhIY74qTRd/CJTon/Sq
u4M4CLGTHTE/fz0vHWWv/2OxzNOzvTSpuhZyhhcH3qr4k85lEY/N5H9qm0Mpk/Ra
a+sAaxIsirdHWPSVc3ijBjaNjEcS0V9ctugqoeZgAyWkM+KNxDYXanbE26NxPl7q
DXJ1Q0tiahK1eRfAKWB6q9q1h/wY8dZ3UKZg3POg1Wraffh1zP2sNBhham0eq3SB
ePKoCutNnzo2Sagg2px12S9w1yFi7v/YV+Q48LPsfKXHnhtJoEe2HU1Cyu3JPtau
7macLFsC1INgq5q+jKpo352TiKu3iE4IWmDpaeJy37hcPk1bQSAnREzXzTj4yWvc
4nX+Rp/pcszOVP9ZvA8w
=df2d
-----END PGP SIGNATURE-----

--5r2EwK44DlgB5GXDx8pvwFmBvh25So8kP--

--===============5103073022634991334==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5103073022634991334==--