[Bug 1203718] New: CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

List overview All Threads
Download

newer

older

[Bug 1004717] Some characters are...

[Bug 1229198] New: [kn_IN]...

Red Hat Bugzilla

19 Mar 2015 19 Mar '15

9:11 a.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Bug ID: 1203718 Summary: CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: mprpic@redhat.com CC: btissoir@redhat.com, fonts-bugs@lists.fedoraproject.org, sandmann@redhat.com

If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer.

A local user could exploit this issue to crash the X.Org server.

Upstream advisory:

http://seclists.org/oss-sec/2015/q1/865

Upstream patch:

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=78c2e3d70d29698244f...

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=a6kgapYM62&a=cc_unsubscribe

Show replies by date

Red Hat Bugzilla

19 Mar 19 Mar

9:14 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1203720

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1203720 [Bug 1203720] CVE-2015-1802 libXfont: missing range check in bdfReadProperties [fedora-all]

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=o9QPO47XdO&a=cc_unsubscribe

Red Hat Bugzilla

9:15 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

--- Comment #1 from Martin Prpic mprpic@redhat.com ---

Created libXfont tracking bugs for this issue:

Affects: fedora-all [bug 1203720]

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=QMigIe7Cn5&a=cc_unsubscribe

Red Hat Bugzilla

9:17 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1203722

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=q3JCnix0gR&a=cc_unsubscribe

Red Hat Bugzilla

23 Mar 23 Mar

2:17 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718 Bug 1203718 depends on bug 1203720, which changed state.

Bug 1203720 Summary: CVE-2015-1804 CVE-2015-1802 CVE-2015-1803 libXfont: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1203720

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=XhKHTLRNtW&a=cc_unsubscribe

Red Hat Bugzilla

2:17 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

--- Comment #2 from Fedora Update System updates@fedoraproject.org --- libXfont-1.5.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=QrN9kH2CLO&a=cc_unsubscribe

Red Hat Bugzilla

4 Apr 4 Apr

9:14 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Taylor Frazier tfrazier@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |tfrazier@redhat.com

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=5r1ZrJTBH4&a=cc_unsubscribe

Red Hat Bugzilla

9 Apr 9 Apr

5:25 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

--- Doc Text *updated* by Stefan Cornelius scorneli@redhat.com --- A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to crash the X.Org server.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=odUlehXONw&a=cc_unsubscribe

Red Hat Bugzilla

5:44 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=QkqEaLjLBY&a=cc_unsubscribe

Red Hat Bugzilla

10 Apr 10 Apr

8:26 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=UdB9kRQmMx&a=cc_unsubscribe

Red Hat Bugzilla

1 Sep 1 Sep

8:18 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258892

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=QCAm9ls8FA&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

8:18 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258893

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=j9NlmUDvuU&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

8:18 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258894

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=oOcs1RV48t&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

8:19 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Stefan Cornelius scorneli@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1258895

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=2fHGW3l7Wb&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

3 Sep 3 Sep

6:26 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

--- Comment #4 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:

Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6

Via RHSA-2015:1708 https://rhn.redhat.com/errata/RHSA-2015-1708.html

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OUbfYmeGY3&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

7 Sep 7 Sep

12:07 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

ddu@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |ddu@redhat.com

--- Comment #5 from ddu@redhat.com --- Hi guys,

Does this problem CVE affect libXfont shipped with RHEL5?

Best regards, Dapeng

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=gk8XMuDFr9&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

9:08 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

Matt Goldman magoldma@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |magoldma@redhat.com

--- Comment #6 from Matt Goldman magoldma@redhat.com --- Dapeng,

Yes, from the whiteboard RHEL 5 is affected:

rhel-5/libXfont=affected

However, RHEL 5 has entered Production Phase 3 as of January 31, 2014. As per our errata policy:

"During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available." Red Hat Enterprise Linux Life Cycle https://access.redhat.com/support/policy/updates/errata#Production_3_Phase

This means that Red Hat will not be addressing Low, Moderate, or Important impact CVE's in relation to RHEL 5.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=EDqUeh1iQs&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

8 Sep 8 Sep

12:07 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

--- Comment #7 from ddu@redhat.com --- Hi Matt,

Thank you for your comment.

So there is some possibility that this problem will be fixed in rhel5, right?

But we can not guarantee that.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=5QXV6ynqms&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

8:06 a.m.

New subject: [Bug 1203718] CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters

https://bugzilla.redhat.com/show_bug.cgi?id=1203718

--- Comment #8 from Matt Goldman magoldma@redhat.com --- Dapeng,

Correct. Likely, this will not be fixed in RHEL 5.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zGrpDYr1qF&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

3576

Age (days ago)

3749

Last active (days ago)

fonts-bugs@lists.fedoraproject.org

18 comments

1 participants

tags (0)

participants (1)

Red Hat Bugzilla