Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : libxfont vulnerability (USN-2078-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that libXfont incorrectly handled certain malformed
BDF fonts. An attacker could use a specially crafted font file to
cause libXfont to crash, or possibly execute arbitrary code in order
to gain privileges. The default compiler options for affected releases
should reduce the vulnerability to a denial of service.

Solution :

Update the affected libxfont1 package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 71855 ()

Bugtraq ID:

CVE ID: CVE-2013-6462