| Summary: | <x11-libs/libXfont-1.4.7 sscanf overflow (CVE-2013-6462) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Chí-Thanh Christopher Nguyễn <chithanh> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | alexander, x11 |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lists.x.org/archives/xorg-announce/2014-January/002389.html | | |
| Whiteboard: | A1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Chí-Thanh Christopher Nguyễn
2014-01-07 17:22:01 UTC
libXfont-1.4.7 has been committed which fixes the issue, and can be stabilized if no serious issues are reported with it.

No problems reported so far. Arches, please stabilize =x11-libs/libXfont-1.4.7

Stable for HPPA.

ia64 stable

arm stable

amd64 stable

x86 stable

ppc64 stable

ppc stable

alpha stable

sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Vulnerable versions have been removed.

added to existing glsa request

CVE-2013-6462 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6462): Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

This issue was resolved and addressed in GLSA 201402-23 at http://security.gentoo.org/glsa/glsa-201402-23.xml by GLSA coordinator Chris Reffett (creffett).
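
The bug class named in the summary and the CVE text, a `sscanf` string conversion writing a BDF character name into a fixed stack buffer, is closed by bounding the conversion and rejecting names that exceed the bound. The C code below is an added example, not libXfont's code and not part of this bug report; the buffer size, the function names and the generated sample records are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 100 /* assumed buffer size for this example */

/* Bug class from the CVE text, shown for contrast (not compiled):
 *     char name[NAME_BUF];
 *     sscanf(line, "STARTCHAR %s", name);   // %s has no length limit
 */

/* 0 = ok, -1 = not a STARTCHAR record, -2 = name too long (rejected). */
int parse_startchar(const char *line, char name[NAME_BUF])
{
    int consumed = 0;

    if (strncmp(line, "STARTCHAR", 9) != 0 || !isspace((unsigned char)line[9]))
        return -1;
    /* %99s writes at most 99 bytes plus the terminator; %n records
     * where scanning stopped so truncation can be detected. */
    if (sscanf(line, "STARTCHAR %99s%n", name, &consumed) != 1)
        return -1;
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return -2; /* token continued past the limit: reject the glyph */
    return 0;
}

/* Builds a constructed record with an n-byte name and parses it. */
int parse_generated(size_t n)
{
    char line[512] = "STARTCHAR ";
    char name[NAME_BUF];

    if (n > sizeof line - 12)
        return -1;
    memset(line + 10, 'A', n);
    line[10 + n] = '\n';
    line[11 + n] = '\0';
    return parse_startchar(line, name);
}

int main(void)
{
    printf("%d %d %d\n", parse_generated(5), parse_generated(99), parse_generated(300));
    return 0;
}
```

Rejecting the overlong name, rather than accepting the truncated prefix, keeps a malformed font from being loaded with a silently altered glyph name.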