Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-0210

Published: 13 May 2014

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

Notes

AuthorNote
mdeslaur 
trusty and later are built with --disable-fc, so this shouldn't
be an issue. Adding patch anyway for completeness' sake.

Priority

Medium

Status

Package Release Status
libxfont
Launchpad, Ubuntu, Debian 		lucid
Released (1:1.4.1-1ubuntu0.3)
precise
Released (1:1.4.4-1ubuntu0.2)
quantal
Released (1:1.4.5-2ubuntu0.12.10.2)
saucy
Released (1:1.4.6-1ubuntu0.2)
trusty Not vulnerable
(1:1.4.7-1)
upstream
Released (1.4.8)
Patches:
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=891e084b26837162b12f841060086a105edde86d
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=cbb64aef35960b2882be721f4b8fbaa0fb649d12
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=491291cabf78efdeec8f18b09e14726a9030cc8f
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=a3f21421537620fc4e1f844a594a4bcd9f7e2bd8
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=520683652564c2a4e42328ae23eef9bb63271565
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5fa73ac18474be3032ee7af9c6e29deab163ea39
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d338f81df1e188eb16e1d6aeea7f4800f89c1218

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading