SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200705-10 (LibXfont, TightVNC: Multiple vulnerabilities)
The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
TightVNC contains a local copy of this code and is also affected.
A local attacker could use a specially crafted BDF Font to gain root privileges on the vulnerable host.
There is no known workaround at this time.
SolutionAll libXfont users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/libXfont-1.2.7-r1' All TightVNC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/tightvnc-1.2.9-r4'