Ubuntu alert USN-2536-1 (libxfont)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-2536-1] libXfont vulnerabilities | |
| Date: | Wed, 18 Mar 2015 11:04:53 -0400 | |
| Message-ID: | <55099415.4030309@canonical.com> |
========================================================================== Ubuntu Security Notice USN-2536-1 March 18, 2015 libxfont vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: libXfont could be made to crash or run programs as an administrator if it opened a specially crafted bdf font file. Software Description: - libxfont: X11 font rasterisation library Details: Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libxfont1 1:1.4.99.901-1ubuntu0.1 Ubuntu 14.04 LTS: libxfont1 1:1.4.7-1ubuntu0.2 Ubuntu 12.04 LTS: libxfont1 1:1.4.4-1ubuntu0.3 Ubuntu 10.04 LTS: libxfont1 1:1.4.1-1ubuntu0.4 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2536-1 CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 Package Information: https://launchpad.net/ubuntu/+source/libxfont/1:1.4.99.90... https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ub... https://launchpad.net/ubuntu/+source/libxfont/1:1.4.4-1ub... https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ub... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...