Security Advisory Important: libXfont security update

Advisory: RHSA-2007:0132-3
Type: Security Advisory
Severity: Important
Issued on: 2007-04-03
Last updated on: 2007-04-03
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20070132.xml
CVEs (cve.mitre.org): CVE-2007-1351
CVE-2007-1352

Details

Updated X.org libXfont packages that fix a security issue are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)

Users of X.org libXfont should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
libXfont-1.2.2-1.0.2.el5.src.rpm
File outdated by:  RHSA-2008:0064		     cebbaf955689613a4da4a13e70048bc9
 
IA-32:
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     a79829992fad2158b5b3f1f37e917d05
 
x86_64:
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     a79829992fad2158b5b3f1f37e917d05
libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2008:0064		     a4f8fc9719241360073507e5ee4f71eb
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
libXfont-1.2.2-1.0.2.el5.src.rpm
File outdated by:  RHSA-2008:0064		     cebbaf955689613a4da4a13e70048bc9
 
IA-32:
libXfont-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     4353d56aeba21ccafa8f1bbf0c657a44
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     a79829992fad2158b5b3f1f37e917d05
 
IA-64:
libXfont-1.2.2-1.0.2.el5.ia64.rpm
File outdated by:  RHSA-2008:0064		     816dec2b8f2a72d5ab47afad494ce128
libXfont-devel-1.2.2-1.0.2.el5.ia64.rpm
File outdated by:  RHSA-2008:0064		     b467c7ec1bd61bdfa55118c658d64c66
 
PPC:
libXfont-1.2.2-1.0.2.el5.ppc.rpm
File outdated by:  RHSA-2008:0064		     1d6311c46bd83b598083d415937adb2e
libXfont-1.2.2-1.0.2.el5.ppc64.rpm
File outdated by:  RHSA-2008:0064		     0331576de1d63b54159c16564d69c098
libXfont-devel-1.2.2-1.0.2.el5.ppc.rpm
File outdated by:  RHSA-2008:0064		     4eb2668a3160e080ba4cd5ea5b66f553
libXfont-devel-1.2.2-1.0.2.el5.ppc64.rpm
File outdated by:  RHSA-2008:0064		     537c0b1ce6e6fa60efa9e341fa056776
 
s390x:
libXfont-1.2.2-1.0.2.el5.s390.rpm
File outdated by:  RHSA-2008:0064		     2ec26a64f65361dc4586fe48a02aedd6
libXfont-1.2.2-1.0.2.el5.s390x.rpm
File outdated by:  RHSA-2008:0064		     ff4bab53c981c8da60911edebbf7b9c6
libXfont-devel-1.2.2-1.0.2.el5.s390.rpm
File outdated by:  RHSA-2008:0064		     10e487c8f8a608d5e73a5148789a44ce
libXfont-devel-1.2.2-1.0.2.el5.s390x.rpm
File outdated by:  RHSA-2008:0064		     3a87733755c9e8cd117aadee9eea56d1
 
x86_64:
libXfont-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     4353d56aeba21ccafa8f1bbf0c657a44
libXfont-1.2.2-1.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2008:0064		     8921098af8f63c467e03faf813de0501
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     a79829992fad2158b5b3f1f37e917d05
libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2008:0064		     a4f8fc9719241360073507e5ee4f71eb
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
libXfont-1.2.2-1.0.2.el5.src.rpm
File outdated by:  RHSA-2008:0064		     cebbaf955689613a4da4a13e70048bc9
 
IA-32:
libXfont-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     4353d56aeba21ccafa8f1bbf0c657a44
 
x86_64:
libXfont-1.2.2-1.0.2.el5.i386.rpm
File outdated by:  RHSA-2008:0064		     4353d56aeba21ccafa8f1bbf0c657a44
libXfont-1.2.2-1.0.2.el5.x86_64.rpm
File outdated by:  RHSA-2008:0064		     8921098af8f63c467e03faf813de0501
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

234058 - CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/