[Bug 1203719] New: CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

List overview All Threads
Download

newer

older

Broken dependencies:...

[Bug 1203715] New: CVE-2015-1802...

Red Hat Bugzilla

19 Mar 2015 19 Mar '15

2:14 p.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Bug ID: 1203719 Summary: CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mprpic@redhat.com CC: btissoir@redhat.com, fonts-bugs@lists.fedoraproject.org, sandmann@redhat.com

The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.

A local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.

Upstream advisory:

http://seclists.org/oss-sec/2015/q1/865

Upstream patch:

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=2351c83a77a478b49cb...

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=er2MnEzbkS&a=cc_unsubscribe

Show replies by date

Red Hat Bugzilla

19 Mar 19 Mar

2:15 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1203720

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1203720 [Bug 1203720] CVE-2015-1802 CVE-2015-1803 libXfont: various flaws [fedora-all]

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=S9x42iRP28&a=cc_unsubscribe

Red Hat Bugzilla

2:15 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

--- Comment #1 from Martin Prpic mprpic@redhat.com ---

Created libXfont tracking bugs for this issue:

Affects: fedora-all [bug 1203720]

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=8synfSNzBe&a=cc_unsubscribe

Red Hat Bugzilla

2:17 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1203722

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=YgpVl1DAJL&a=cc_unsubscribe

Red Hat Bugzilla

23 Mar 23 Mar

7:17 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719 Bug 1203719 depends on bug 1203720, which changed state.

Bug 1203720 Summary: CVE-2015-1804 CVE-2015-1802 CVE-2015-1803 libXfont: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1203720

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=s2PuZS31mz&a=cc_unsubscribe

Red Hat Bugzilla

7:17 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

--- Comment #2 from Fedora Update System updates@fedoraproject.org --- libXfont-1.5.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=9xfnDSq0sd&a=cc_unsubscribe

Red Hat Bugzilla

31 Mar 31 Mar

7:54 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zarqgVe78T&a=cc_unsubscribe

Red Hat Bugzilla

4 Apr 4 Apr

3:15 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Taylor Frazier tfrazier@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |tfrazier@redhat.com

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=c03Ywy2Ddy&a=cc_unsubscribe

Red Hat Bugzilla

9 Apr 9 Apr

11:26 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

--- Doc Text *updated* --- An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to crash the X.Org server or potentially execute arbitrary code with the privileges of the X.Org server.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xtujckLE5D&a=cc_unsubscribe

Red Hat Bugzilla

11:47 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=l2zFWr6Q0o&a=cc_unsubscribe

Red Hat Bugzilla

10 Apr 10 Apr

2:27 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JYVNiSjcPS&a=cc_unsubscribe

Red Hat Bugzilla

13 Jul 13 Jul

8:02 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Peter Hutterer peter.hutterer@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1241939

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1241939 [Bug 1241939] bdftopcf: bdf input, xtfont4.bdf, corrupt

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Hx1iUqjTQL&a=cc_unsubscribe

Red Hat Bugzilla

6:31 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Benjamin Tissoires btissoir@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks|1241939 |

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1241939 [Bug 1241939] bdftopcf: bdf input, xtfont4.bdf, corrupt

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=VvRwU8u2PP&a=cc_unsubscribe

Red Hat Bugzilla

1 Sep 1 Sep

2:19 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258892

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=VRtANB1o29&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

2:19 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258893

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=1LERpedyya&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

2:19 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258894

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=sVKlfTAynl&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

2:20 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258895

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=kBcndBSyor&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

3 Sep 3 Sep

12:26 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

--- Comment #4 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:

Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6

Via RHSA-2015:1708 https://rhn.redhat.com/errata/RHSA-2015-1708.html

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=KdkwIWvZ3t&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

7 Sep 7 Sep

6:07 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

ddu@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |ddu@redhat.com

--- Comment #5 from ddu@redhat.com --- Hi guys,

Does this problem CVE affect libXfont shipped with RHEL5?

Best regards, Dapeng

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=uv1buty5g8&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

3:08 p.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Matt Goldman magoldma@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |magoldma@redhat.com

--- Comment #6 from Matt Goldman magoldma@redhat.com --- Dapeng,

Yes, from the whiteboard RHEL 5 is affected:

rhel-5/libXfont=affected

However, RHEL 5 has entered Production Phase 3 as of January 31, 2014. As per our errata policy:

"During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available." Red Hat Enterprise Linux Life Cycle https://access.redhat.com/support/policy/updates/errata#Production_3_Phase

This means that Red Hat will not be addressing Low, Moderate, or Important impact CVE's in relation to RHEL 5.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=XxEqa0dA3K&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

1 Oct 1 Oct

9:29 a.m.

New subject: [Bug 1203719] CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203719

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=1Xx1T9C8Uq&a=cc_unsubscribe

3194

Age (days ago)

3390

Last active (days ago)

fonts-bugs@lists.fedoraproject.org

20 comments

1 participants

tags (0)

participants (1)

Red Hat Bugzilla