==========================================================================
Ubuntu Security Notice USN-2211-1
May 14, 2014

libxfont vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in libXfont.

Software Description:
– libxfont: X11 font rasterisation library

Details:

Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. (CVE-2014-0209)

Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted data
that could cause libXfont to crash, or possibly execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libxfont1 1:1.4.7-1ubuntu0.1

Ubuntu 13.10:
libxfont1 1:1.4.6-1ubuntu0.2

Ubuntu 12.10:
libxfont1 1:1.4.5-2ubuntu0.12.10.2

Ubuntu 12.04 LTS:
libxfont1 1:1.4.4-1ubuntu0.2

Ubuntu 10.04 LTS:
libxfont1 1:1.4.1-1ubuntu0.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2211-1
CVE-2014-0209, CVE-2014-0210, CVE-2014-0211

Package Information:
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.6-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.4-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTc4FWAAoJEGVp2FWnRL6TNIEQAKYsZiuGQpSWEJcmwWkrCVql
CAhmNFcL7RkolBwcR9b5mp6trAc3Ix0jIAge0WYkC6sV3+JC1TgcPVKdB4blWUVf
i2n5cPwJcCtUv3mI/PfPrlAXJmIzwEJzzPtndaBKQYZKg87ApZ/Ey+UhiUBPE1Ly
VSf0My4cy/vZerF4bRXJ7EEun2sjEyoMcap7Cx3of89yGSMcAupD3ecC+gBfNbpN
oHQUCJzWj/X9ea+l5LKkUnXWq/Fnpm/JtdwfQd5u0LeWA81g2g2GLFpfMh7cOKXJ
7AzDuHlN9EJpLfgnUimNAgxtH5xqoAcxGnfcfEV0MO9MHyhIY74qTRd/CJTon/Sq
u4M4CLGTHTE/fz0vHWWv/2OxzNOzvTSpuhZyhhcH3qr4k85lEY/N5H9qm0Mpk/Ra
a+sAaxIsirdHWPSVc3ijBjaNjEcS0V9ctugqoeZgAyWkM+KNxDYXanbE26NxPl7q
DXJ1Q0tiahK1eRfAKWB6q9q1h/wY8dZ3UKZg3POg1Wraffh1zP2sNBhham0eq3SB
ePKoCutNnzo2Sagg2px12S9w1yFi7v/YV+Q48LPsfKXHnhtJoEe2HU1Cyu3JPtau
7macLFsC1INgq5q+jKpo352TiKu3iE4IWmDpaeJy37hcPk1bQSAnREzXzTj4yWvc
4nX+Rp/pcszOVP9ZvA8w
=df2d
—–END PGP SIGNATURE—–
—