openSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1)
High Nessus Plugin ID 75371
SynopsisThe remote openSUSE host is missing a security update.
Descriptionlibxfont was updated to fix multiple vulnerabilities :
- Integer overflow of allocations in font metadata file parsing (CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies (CVE-2014-0211).
These vulnerabilities could be used by a local, authenticated user to raise privileges or by a remote attacker with control of the font server to execute code with the privileges of the X server.
SolutionUpdate the affected libXfont packages.