Summary: | <x11-libs/libXfont-1.4.4: local privilege escalation (CVE-2011-2895) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Chí-Thanh Christopher Nguyễn <chithanh> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | major | CC: | x11 | ||||
Priority: | Normal | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html | ||||||
Whiteboard: | B1 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Chí-Thanh Christopher Nguyễn
2011-08-11 15:34:30 UTC
Arches, please stabilize x11-libs/libXfont-1.4.4 take a look at bug 378875 ppc done ppc64 stable (In reply to comment #2) > take a look at bug 378875 amd64 ok with exception for bug that I've posted Stable for HPPA. amd64 done. Thanks Agostino Arch tested on x86, all good here ... Created attachment 283373 [details]
libXfont.report
x86 stable, thanks David alpha/arm/ia64/s390/sh/sparc stable Thanks, folks. GLSA request filed. CVE-2011-2895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2895): The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. This issue was resolved and addressed in GLSA 201402-23 at http://security.gentoo.org/glsa/glsa-201402-23.xml by GLSA coordinator Chris Reffett (creffett). |