[OE-core] [PATCH] libxfont: fix for CVE-2014-0209 CVE-2014-0210 CVE-2014-0211

Huang, Jie (Jackie) Jackie.Huang at windriver.com
Wed Jul 23 08:31:48 UTC 2014



> -----Original Message-----
> From: Burton, Ross [mailto:ross.burton at intel.com]
> Sent: Wednesday, July 23, 2014 4:27 PM
> To: Huang, Jie (Jackie)
> Cc: OE-core
> Subject: Re: [OE-core] [PATCH] libxfont: fix for CVE-2014-0209 CVE-2014-0210 CVE-2014-0211
> 
> On 23 July 2014 09:04,  <jackie.huang at windriver.com> wrote:
> > 0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
> > CVE-2014-0209:
> > Multiple integer overflows in the (1) FontFileAddEntry and
> > (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x
> > before 1.4.99.901 might allow local users to gain privileges by adding
> > a directory with a large fonts.dir or fonts.alias file to the font
> > path, which triggers a heap-based buffer overflow, related to
> > metadata.
> >
> > CVE-2014-0210:
> > Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x
> > before 1.4.99.901 allow remote font servers to execute arbitrary code
> > via a crafted xfs protocol reply to the
> > (1) _fs_recv_conn_setup, (2) fs_read_open_font,
> > (3) fs_read_query_info, (4) fs_read_extent_info,
> > (5) fs_read_glyphs, (6) fs_read_list, or
> > (7) fs_read_list_info function.
> >
> > CVE-2014-0211:
> > Multiple integer overflows in the (1) fs_get_reply,
> > (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org
> > libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font
> > servers to execute arbitrary code via a crafted xfs reply, which
> > triggers a buffer overflow.
> 
> I sent an upgrade to 1.5.0 yesterday, which has all of these integrated.

Oh, sorry I didn't notice that, thanks for reminding.

Thanks,
Jackie

> 
> Ross
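
The CVE-2014-0209 summary quoted in the thread describes an integer overflow in a realloc size leading to a heap-based buffer overflow. The following is an added illustration of the overflow-checked growth pattern that guards against this class of bug; it is not code from libXfont or from the patch under discussion, and `entry_t`, `table_t`, `GROW_BY`, `growth_overflows` and `table_add` are hypothetical names.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GROW_BY 100  /* hypothetical fixed growth step */

/* Hypothetical record standing in for one parsed font directory entry. */
typedef struct { char name[64]; int type; } entry_t;
typedef struct { int used; int size; entry_t *entries; } table_t;

/* Returns 1 when growing a table of `size` entries by GROW_BY would wrap
 * either the int entry count or the byte count handed to realloc(). */
static int growth_overflows(int size)
{
    if (size < 0 || size > INT_MAX - GROW_BY)
        return 1;
    return (size_t)(size + GROW_BY) > SIZE_MAX / sizeof(entry_t);
}

/* Appends one entry, growing the table in GROW_BY steps. Returns the new
 * slot, or NULL (table left unchanged) if growth would overflow or the
 * allocation fails. Without the check, a wrapped size makes realloc()
 * return a buffer smaller than `used` implies, and the write below lands
 * outside it. */
static entry_t *table_add(table_t *t, const char *name, int type)
{
    if (t->used == t->size) {
        if (growth_overflows(t->size))
            return NULL;
        int newsize = t->size + GROW_BY;
        entry_t *p = realloc(t->entries, (size_t)newsize * sizeof(entry_t));
        if (p == NULL)
            return NULL;
        t->entries = p;
        t->size = newsize;
    }
    entry_t *e = &t->entries[t->used++];
    strncpy(e->name, name, sizeof(e->name) - 1);
    e->name[sizeof(e->name) - 1] = '\0';
    e->type = type;
    return e;
}
```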

