[OE-core] [PATCH] libxfont: fix for CVE-2014-0209 CVE-2014-0210 CVE-2014-0211

Burton, Ross ross.burton at intel.com
Wed Jul 23 08:27:03 UTC 2014


On 23 July 2014 09:04, <jackie.huang at windriver.com> wrote:
> 0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
> CVE-2014-0209:
> Multiple integer overflows in the (1) FontFileAddEntry and
> (2) lexAlias functions in X.Org libXfont before 1.4.8 and
> 1.4.9x before 1.4.99.901 might allow local users to gain
> privileges by adding a directory with a large fonts.dir or
> fonts.alias file to the font path, which triggers a heap-based
> buffer overflow, related to metadata.
>
> CVE-2014-0210:
> Multiple buffer overflows in X.Org libXfont before 1.4.8 and
> 1.4.9x before 1.4.99.901 allow remote font servers to execute
> arbitrary code via a crafted xfs protocol reply to the
> (1) _fs_recv_conn_setup, (2) fs_read_open_font,
> (3) fs_read_query_info, (4) fs_read_extent_info,
> (5) fs_read_glyphs, (6) fs_read_list, or
> (7) fs_read_list_info function.
>
> CVE-2014-0211:
> Multiple integer overflows in the (1) fs_get_reply,
> (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions
> in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901
> allow remote font servers to execute arbitrary code via
> a crafted xfs reply, which triggers a buffer overflow.

I sent an upgrade to 1.5.0 yesterday, which has all of these integrated.

Ross
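
The realloc-size integer overflow named in the quoted CVE-2014-0209 description, as an added C example that is not part of this thread and is not libXfont's code: a table growth routine that refuses to wrap instead of under-allocating. `entry_t`, `table_t`, `GROW_BY`, `checked_mul` and `table_grow` are hypothetical names chosen for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not libXfont's types. */
typedef struct { char *name; void *data; } entry_t;
typedef struct { entry_t *entries; int used; int size; } table_t;

#define GROW_BY 100

/* Unchecked pattern this guards against (sum or product can wrap small):
 *   realloc(t->entries, (t->size + GROW_BY) * sizeof(entry_t)); */

/* Store count * elem in *out; return 0 if it does not fit in size_t. */
static int checked_mul(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return 0;
    *out = count * elem;
    return 1;
}

/* Grow by GROW_BY slots. Returns 1 on success; 0 (table untouched) on
 * a counter that would wrap, a byte size that would wrap, or OOM. */
int table_grow(table_t *t)
{
    size_t bytes;
    entry_t *p;
    if (t->size < 0 || t->size > INT_MAX - GROW_BY)
        return 0;                      /* int slot counter would overflow */
    if (!checked_mul((size_t)t->size + GROW_BY, sizeof(entry_t), &bytes))
        return 0;                      /* byte count would overflow */
    p = realloc(t->entries, bytes);
    if (p == NULL)
        return 0;                      /* old buffer is still valid */
    t->entries = p;
    t->size += GROW_BY;
    return 1;
}

int main(void)
{
    table_t t = { NULL, 0, 0 };
    printf("grow from 0: %d\n", table_grow(&t));
    t.size = INT_MAX - 50;             /* constructed near-limit count */
    printf("grow near INT_MAX: %d\n", table_grow(&t));
    free(t.entries);
    return 0;
}
```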


