CVE ID: CVE-2011-2895

libXfont contains a compress / LZW decompressor implementation based on the original BSD compress code. A specially crafted LZW stream can cause a buffer overflow in an application using libXfont that is used to open untrusted font files, such as the X server (often run with elevated privileges) when a client adds a local directory to the font path. Successful exploitation may possibly lead to a local privilege escalation.

This is fixed in libXfont-1.4.4. Please add arches as you see fit.
Arches, please stabilize x11-libs/libXfont-1.4.4
take a look at bug 378875
ppc done
ppc64 stable
(In reply to comment #2)
> take a look at bug 378875

amd64 ok with exception for bug that I've posted
Stable for HPPA.
amd64 done. Thanks Agostino
Arch tested on x86, all good here ...
Created attachment 283373: libXfont.report
x86 stable, thanks David
alpha/arm/ia64/s390/sh/sparc stable
Thanks, folks. GLSA request filed.
CVE-2011-2895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2895): The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
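The missing check described in the CVE text above, shown in a small LZW decoder. This is an added example, not libXfont's or BSD compress's code: it assumes fixed-width code words passed as an array, a 12-bit table and no CLEAR code, and the names `lzw_decode`, `FIRST` and `MAXCODE` are hypothetical.

```c
#include <stdio.h>

#define FIRST   256    /* codes 0..255 are literal bytes (assumed: no CLEAR code) */
#define MAXCODE 4096   /* 12-bit table (assumed for this sketch) */

/* Decode n code words into out[0..cap). Returns the number of bytes written,
 * or -1 if the stream is malformed or the output does not fit. */
long lzw_decode(const unsigned short *codes, size_t n, unsigned char *out, size_t cap)
{
    unsigned short prefix[MAXCODE];
    unsigned char suffix[MAXCODE], stack[MAXCODE], finchar = 0;
    int free_ent = FIRST, oldcode = -1;
    size_t len = 0;

    for (size_t i = 0; i < n; i++) {
        int code = codes[i], incode = code;
        size_t sp = 0;
        /* Reject code words that are absent from the table. Only code == free_ent
         * (the KwKwK case) may name a missing entry, and never as the first code. */
        if (code >= MAXCODE || (oldcode < 0 ? code >= FIRST : code > free_ent))
            return -1;
        if (code == free_ent) {          /* KwKwK: previous string + its first byte */
            stack[sp++] = finchar;
            code = oldcode;
        }
        while (code >= FIRST) {          /* prefix[k] < k, so this terminates */
            stack[sp++] = suffix[code];
            code = prefix[code];
        }
        stack[sp++] = finchar = (unsigned char)code;
        if (sp > cap - len)              /* bound the copy into the caller's buffer */
            return -1;
        while (sp > 0)
            out[len++] = stack[--sp];
        if (oldcode >= 0 && free_ent < MAXCODE) {
            prefix[free_ent] = (unsigned short)oldcode;
            suffix[free_ent++] = finchar;
        }
        oldcode = incode;
    }
    return (long)len;
}

int main(void)
{
    const unsigned short bad[] = { 65, 300 };  /* constructed: 300 is not in the table */
    unsigned char out[16];
    printf("%ld\n", lzw_decode(bad, 2, out, sizeof out));  /* malformed stream is refused */
}
```

Because every table entry's prefix is a lower-numbered entry, rejecting undefined codes up front is what keeps the prefix walk finite and the temporary stack within its bounds.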
This issue was resolved and addressed in GLSA 201402-23 at http://security.gentoo.org/glsa/glsa-201402-23.xml by GLSA coordinator Chris Reffett (creffett).