Mandriva Linux Security Advisory : libxfont (MDVSA-2014:132)
High Nessus Plugin ID 76440
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated libxfont packages fix security vulnerabilities :
Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209).
Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211).
SolutionUpdate the affected lib64xfont1, lib64xfont1-devel and / or lib64xfont1-static-devel packages.