SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 10487)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

LibXFont was updated to fix security problems that could be used by
local attackers to gain X server privileges (root).

The following security issues have been fixed :

- The bdf parser reads a count for the number of
properties defined in a font from the font file, and
allocates arrays with entries for each property based on
that count. It never checked to see if that count was
negative, or large enough to overflow when multiplied by
the size of the structures being allocated, and could
thus allocate the wrong buffer size, leading to out of
bounds writes. (CVE-2015-1802)

- If the bdf parser failed to parse the data for the
bitmap for any character, it would proceed with an
invalid pointer to the bitmap data and later crash when
trying to read the bitmap from that pointer.
(CVE-2015-1803)

- The bdf parser read metrics values as 32-bit integers,
but stored them into 16-bit integers. Overflows could
occur in various operations leading to out-of-bounds
memory access. (CVE-2015-1804)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=921978
http://support.novell.com/security/cve/CVE-2015-1802.html
http://support.novell.com/security/cve/CVE-2015-1803.html
http://support.novell.com/security/cve/CVE-2015-1804.html

Solution :

Apply SAT patch number 10487.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 82641 ()

Bugtraq ID:

CVE ID: CVE-2015-1802
CVE-2015-1803
CVE-2015-1804

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now