Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200609-07] LibXfont, monolithic X.org: Multiple integer overflows Vulnerability Scan
Vulnerability Scan Summary: LibXfont, monolithic X.org: Multiple integer overflows
Detailed Explanation for this Vulnerability Test:
The remote host is affected by the vulnerability described in GLSA-200609-07
(LibXfont, monolithic X.org: Multiple integer overflows).
Several integer overflows have been found in the CID font parser.
Impact
A remote attacker could exploit this vulnerability by enticing a user
to load a malicious font file, resulting in the execution of arbitrary
code with the permissions of the user running the X server, which is
typically the root user. A local user could exploit this vulnerability
to gain elevated rights.
Workaround
Disable CID-encoded Type 1 fonts by removing the "type1" module and
replacing it with the "freetype" module in xorg.conf.
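The workaround above amounts to a one-line change in the "Module" section of xorg.conf. The following shell script is an added example, not part of the GLSA or of this scanner page: it checks whether a configuration still loads the "type1" module and writes a copy that loads "freetype" instead. The sample configuration and the temporary file paths are constructed for the example; on a real system the file is usually /etc/X11/xorg.conf and the X server must be restarted for the change to take effect.

```shell
#!/bin/sh
# Added example (not from the GLSA): detect the vulnerable "type1" font module
# in an xorg.conf "Module" section and produce a copy that loads "freetype"
# instead, as the advisory's workaround describes.

# Constructed sample xorg.conf fragment, written to a temporary file.
SAMPLE_CONF="${TMPDIR:-/tmp}/xorg.conf.sample.$$"
cat > "$SAMPLE_CONF" <<'EOF'
Section "Module"
    Load "dbe"
    Load "type1"
    Load "glx"
EndSection
EOF

# Return 0 if the configuration in file $1 still loads the "type1" module.
loads_type1() {
    grep -Eq '^[[:space:]]*Load[[:space:]]+"type1"' "$1"
}

# Return 0 if the configuration in file $1 already loads "freetype".
loads_freetype() {
    grep -Eq '^[[:space:]]*Load[[:space:]]+"freetype"' "$1"
}

# Write a rewritten copy of $1 to $2. Each Load "type1" line becomes
# Load "freetype"; if "freetype" is already loaded, the "type1" line is
# simply dropped so the module is not listed twice.
apply_workaround() {
    if loads_freetype "$1"; then
        sed -E '/^[[:space:]]*Load[[:space:]]+"type1"/d' "$1" > "$2"
    else
        sed -E 's/^([[:space:]]*Load[[:space:]]+)"type1"/\1"freetype"/' "$1" > "$2"
    fi
}

# Stand-alone usage: report the state of the sample file and show the result.
if loads_type1 "$SAMPLE_CONF"; then
    echo "type1 module is loaded: applying workaround"
    apply_workaround "$SAMPLE_CONF" "$SAMPLE_CONF.fixed"
    cat "$SAMPLE_CONF.fixed"
else
    echo "type1 module is not loaded: nothing to do"
fi
```

The grep patterns anchor on the Load keyword so that a commented-out `# Load "type1"` line is not mistaken for an active one; this is only a check of the workaround, and the real fix remains the libXfont upgrade given under Solution.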
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3740
Solution:
All libXfont users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1"
All monolithic X.org users are advised to migrate to modular X.org.
Threat Level: High