SB2014051418 - Buffer overflow in libxfont (Alpine package)
Published: May 14, 2014
Security Bulletin ID
SB2014051418
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2014-0210)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0c9f25da7cad183991206441ffd79f4f5b67cf1c
- https://git.alpinelinux.org/aports/commit/?id=1476a4f2f4f84290a60b64a79123454f8227f80a
- https://git.alpinelinux.org/aports/commit/?id=29880316e4d89974619a59348463b0c4a9bfd613
- https://git.alpinelinux.org/aports/commit/?id=57ccd1954ce23cc940ad1c1e29cbf4919d516d8a