libxfont: privilege escalation

Package(s): libxfont
CVE #(s): CVE-2015-1802 CVE-2015-1803 CVE-2015-1804
Created: March 17, 2015
Updated: December 21, 2015
Description: From the X.org advisory:

Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more issues in the parsing of BDF font files.

As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server (often root access).

Alerts:
openSUSE openSUSE-SU-2015:2300-1 libXfont 2015-12-18
Oracle ELSA-2015-1708 libXfont 2015-09-03
Oracle ELSA-2015-1708 libXfont 2015-09-03
Gentoo 201507-21 libXfont 2015-07-22
Scientific Linux SLSA-2015:1708-1 libXfont 2015-09-03
CentOS CESA-2015:1708 libXfont 2015-09-03
Red Hat RHSA-2015:1708-01 libXfont 2015-09-03
CentOS CESA-2015:1708 libXfont 2015-09-03
SUSE SUSE-SU-2015:0702-1 libXfont 2015-04-10
SUSE SUSE-SU-2015:0674-1 xorg-x11-libs 2015-04-07
Mandriva MDVSA-2015:145-1 libxfont 2015-03-30
Debian-LTS DLA-183-1 libxfont 2015-03-28
Mandriva MDVSA-2015:145 libxfont 2015-03-29
Arch Linux ASA-201503-15 libxfont 2015-03-17
openSUSE openSUSE-SU-2015:0614-1 libXfont 2015-03-27
Mageia MGASA-2015-0113 libxfont 2015-03-24
Fedora FEDORA-2015-4230 libXfont 2015-03-23
Ubuntu USN-2536-1 libxfont 2015-03-18
Debian DSA-3194-1 libxfont 2015-03-17
