This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
libxfont was updated to fix multiple vulnerabilities :
- Integer overflow of allocations in font metadata file
- Unvalidated length fields when parsing xfs protocol
- Integer overflows calculating memory needs for xfs
These vulnerabilities could be used by a local, authenticated user to
raise privileges or by a remote attacker with control of the font
server to execute code with the privileges of the X server.
See also :
Update the affected libXfont packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false