Skip to navigation

Security Advisory Important: libXfont security update

Advisory: RHSA-2008:0064-5
Type: Security Advisory
Severity: Important
Issued on: 2008-01-17
Last updated on: 2008-01-17
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2008-0006

Details

An updated X.Org libXfont package that fixes a security issue is now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The libXfont package contains the X.Org X11 libXfont runtime library.

A heap based buffer overflow flaw was found in the way the X.Org server
handled malformed font files. A malicious local user could exploit this
issue to potentially execute arbitrary code with the privileges of the
X.Org server. (CVE-2008-0006)

Users of X.Org libXfont should upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
libXfont-1.2.2-1.0.3.el5_1.src.rpm
File outdated by:  RHSA-2014:0018
    MD5: 0492a93edeea11bd29f587cf9360f698
 
IA-32:
libXfont-devel-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: 503a70921dbe1c42d0d6b994c5185a88
 
x86_64:
libXfont-devel-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: 503a70921dbe1c42d0d6b994c5185a88
libXfont-devel-1.2.2-1.0.3.el5_1.x86_64.rpm
File outdated by:  RHSA-2014:0018
    MD5: 7fbcf5b57c7cb1c68e20c2f86ff9268d
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
libXfont-1.2.2-1.0.3.el5_1.src.rpm
File outdated by:  RHSA-2014:0018
    MD5: 0492a93edeea11bd29f587cf9360f698
 
IA-32:
libXfont-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: c9d7452db4224644ee0e598ae380f5b1
libXfont-devel-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: 503a70921dbe1c42d0d6b994c5185a88
 
IA-64:
libXfont-1.2.2-1.0.3.el5_1.ia64.rpm
File outdated by:  RHSA-2014:0018
    MD5: 0a8f5550281549cd1d9b78bcfb4bffe7
libXfont-devel-1.2.2-1.0.3.el5_1.ia64.rpm
File outdated by:  RHSA-2014:0018
    MD5: b0eb40916cf6b63d6b9406e2dea44759
 
PPC:
libXfont-1.2.2-1.0.3.el5_1.ppc.rpm
File outdated by:  RHSA-2014:0018
    MD5: 9b4699ef5f446e9ab99fa0def66d7261
libXfont-1.2.2-1.0.3.el5_1.ppc64.rpm
File outdated by:  RHSA-2014:0018
    MD5: 80be7341879ab3a5294992239b975513
libXfont-devel-1.2.2-1.0.3.el5_1.ppc.rpm
File outdated by:  RHSA-2014:0018
    MD5: e0e22b97c99b3292f8395999b6c683b2
libXfont-devel-1.2.2-1.0.3.el5_1.ppc64.rpm
File outdated by:  RHSA-2014:0018
    MD5: 06ad724b7439bcd078bbe5848cdf369d
 
s390x:
libXfont-1.2.2-1.0.3.el5_1.s390.rpm
File outdated by:  RHSA-2014:0018
    MD5: 15b22dd75fa15212fa9a6a4e117fa496
libXfont-1.2.2-1.0.3.el5_1.s390x.rpm
File outdated by:  RHSA-2014:0018
    MD5: 021f357ddd4405073364ffcfa1ec94ef
libXfont-devel-1.2.2-1.0.3.el5_1.s390.rpm
File outdated by:  RHSA-2014:0018
    MD5: 20dd2604f5d149928503cb5668b80e57
libXfont-devel-1.2.2-1.0.3.el5_1.s390x.rpm
File outdated by:  RHSA-2014:0018
    MD5: 73170b10de857d0a42829f545d2a9781
 
x86_64:
libXfont-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: c9d7452db4224644ee0e598ae380f5b1
libXfont-1.2.2-1.0.3.el5_1.x86_64.rpm
File outdated by:  RHSA-2014:0018
    MD5: 0f4dfe24f11dee8fbb1ade10e7c5a801
libXfont-devel-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: 503a70921dbe1c42d0d6b994c5185a88
libXfont-devel-1.2.2-1.0.3.el5_1.x86_64.rpm
File outdated by:  RHSA-2014:0018
    MD5: 7fbcf5b57c7cb1c68e20c2f86ff9268d
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
libXfont-1.2.2-1.0.3.el5_1.src.rpm
File outdated by:  RHSA-2014:0018
    MD5: 0492a93edeea11bd29f587cf9360f698
 
IA-32:
libXfont-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: c9d7452db4224644ee0e598ae380f5b1
 
x86_64:
libXfont-1.2.2-1.0.3.el5_1.i386.rpm
File outdated by:  RHSA-2014:0018
    MD5: c9d7452db4224644ee0e598ae380f5b1
libXfont-1.2.2-1.0.3.el5_1.x86_64.rpm
File outdated by:  RHSA-2014:0018
    MD5: 0f4dfe24f11dee8fbb1ade10e7c5a801
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
libXfont-1.2.2-1.0.3.el5_1.src.rpm
File outdated by:  RHSA-2014:0018
    MD5: 0492a93edeea11bd29f587cf9360f698
 
IA-32:
libXfont-1.2.2-1.0.3.el5_1.i386.rpm     MD5: c9d7452db4224644ee0e598ae380f5b1
libXfont-devel-1.2.2-1.0.3.el5_1.i386.rpm     MD5: 503a70921dbe1c42d0d6b994c5185a88
 
IA-64:
libXfont-1.2.2-1.0.3.el5_1.ia64.rpm     MD5: 0a8f5550281549cd1d9b78bcfb4bffe7
libXfont-devel-1.2.2-1.0.3.el5_1.ia64.rpm     MD5: b0eb40916cf6b63d6b9406e2dea44759
 
PPC:
libXfont-1.2.2-1.0.3.el5_1.ppc.rpm     MD5: 9b4699ef5f446e9ab99fa0def66d7261
libXfont-1.2.2-1.0.3.el5_1.ppc64.rpm     MD5: 80be7341879ab3a5294992239b975513
libXfont-devel-1.2.2-1.0.3.el5_1.ppc.rpm     MD5: e0e22b97c99b3292f8395999b6c683b2
libXfont-devel-1.2.2-1.0.3.el5_1.ppc64.rpm     MD5: 06ad724b7439bcd078bbe5848cdf369d
 
s390x:
libXfont-1.2.2-1.0.3.el5_1.s390.rpm     MD5: 15b22dd75fa15212fa9a6a4e117fa496
libXfont-1.2.2-1.0.3.el5_1.s390x.rpm     MD5: 021f357ddd4405073364ffcfa1ec94ef
libXfont-devel-1.2.2-1.0.3.el5_1.s390.rpm     MD5: 20dd2604f5d149928503cb5668b80e57
libXfont-devel-1.2.2-1.0.3.el5_1.s390x.rpm     MD5: 73170b10de857d0a42829f545d2a9781
 
x86_64:
libXfont-1.2.2-1.0.3.el5_1.i386.rpm     MD5: c9d7452db4224644ee0e598ae380f5b1
libXfont-1.2.2-1.0.3.el5_1.x86_64.rpm     MD5: 0f4dfe24f11dee8fbb1ade10e7c5a801
libXfont-devel-1.2.2-1.0.3.el5_1.i386.rpm     MD5: 503a70921dbe1c42d0d6b994c5185a88
libXfont-devel-1.2.2-1.0.3.el5_1.x86_64.rpm     MD5: 7fbcf5b57c7cb1c68e20c2f86ff9268d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

428044 - CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/