Security flaw in the libxfont software package

==========================================================================
Ubuntu Security Notice USN-2078-1
January 07, 2014

libxfont vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 13.04
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

libXfont could be made to crash or run programs as an administrator if it
opened a specially crafted font file.

Software Description:
– libxfont: X11 font rasterisation library

Details:

It was discovered that libXfont incorrectly handled certain malformed BDF
fonts. An attacker could use a specially crafted font file to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. The default compiler options for affected releases should
reduce the vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libxfont1 1:1.4.6-1ubuntu0.1

Ubuntu 13.04:
libxfont1 1:1.4.5-2ubuntu0.13.04.1

Ubuntu 12.10:
libxfont1 1:1.4.5-2ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libxfont1 1:1.4.4-1ubuntu0.1

Ubuntu 10.04 LTS:
libxfont1 1:1.4.1-1ubuntu0.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2078-1
CVE-2013-6462

Package Information:
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.2
