USN-2536-1: libXfont vulnerabilities

18 March 2015

libxfont vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

libXfont could be made to crash or run programs as an administrator if it opened a specially crafted bdf font file.

Software Description

  • libxfont - X11 font rasterisation library

Details

Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
libxfont1 - 1:1.4.99.901-1ubuntu0.1
Ubuntu 14.04 LTS
libxfont1 - 1:1.4.7-1ubuntu0.2
Ubuntu 12.04 LTS
libxfont1 - 1:1.4.4-1ubuntu0.3
Ubuntu 10.04 LTS
libxfont1 - 1:1.4.1-1ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.
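To confirm that a host is at or above the fixed version, an inventory script can compare the installed libxfont1 version against the list above. The following is an added example, not part of the original notice: it implements Debian version ordering in Python so it runs without dpkg, and the function names, the release keys and the installed-version strings used to exercise it are assumptions made for illustration.

```python
import re

# Fixed libxfont1 versions, copied from the "Update instructions" list above.
FIXED = {
    "14.10": "1:1.4.99.901-1ubuntu0.1",
    "14.04": "1:1.4.7-1ubuntu0.2",
    "12.04": "1:1.4.4-1ubuntu0.3",
    "10.04": "1:1.4.1-1ubuntu0.4",
}

def _order(c):
    """dpkg character weight: '~' first, then end/digit, letters, other chars."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string with dpkg's ordering rules."""
    ta, tb = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for k in range(max(len(ta), len(tb))):
        sa, na = ta[k] if k < len(ta) else ("", "")
        sb, nb = tb[k] if k < len(tb) else ("", "")
        for m in range(max(len(sa), len(sb))):  # non-digit run, char by char
            ca, cb = _order(sa[m:m + 1]), _order(sb[m:m + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = int(na or 0), int(nb or 0)      # digit run, numerically
        if da != db:
            return -1 if da < db else 1
    return 0

def _split(v):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if `installed` is at or above the fixed version for `release`."""
    return compare_versions(installed, FIXED[release]) >= 0
```

On a live system, `dpkg --compare-versions` performs the same comparison against the output of `dpkg-query -W -f='${Version}' libxfont1`.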
