> -----Original Message----- > From: Burton, Ross [mailto:ross.bur...@intel.com] > Sent: Wednesday, July 23, 2014 4:27 PM > To: Huang, Jie (Jackie) > Cc: OE-core > Subject: Re: [OE-core] [PATCH] libxfont: fix for CVE-2014-0209 CVE-2014-0210 > CVE-2014-0211 > > On 23 July 2014 09:04, <jackie.hu...@windriver.com> wrote: > > 0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch > > CVE-2014-0209: > > Multiple integer overflows in the (1) FontFileAddEntry and > > (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x > > before 1.4.99.901 might allow local users to gain privileges by adding > > a directory with a large fonts.dir or fonts.alias file to the font > > path, which triggers a heap-based buffer overflow, related to > > metadata. > > > > CVE-2014-0210: > > Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x > > before 1.4.99.901 allow remote font servers to execute arbitrary code > > via a crafted xfs protocol reply to the > > (1) _fs_recv_conn_setup, (2) fs_read_open_font, > > (3) fs_read_query_info, (4) fs_read_extent_info, > > (5) fs_read_glyphs, (6) fs_read_list, or > > (7) fs_read_list_info function. > > > > CVE-2014-0211: > > Multiple integer overflows in the (1) fs_get_reply, > > (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org > > libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font > > servers to execute arbitrary code via a crafted xfs reply, which > > triggers a buffer overflow. > > I sent an upgrade to 1.5.0 yesterday, which has all of these integrated.
Oh, sorry I didn't notice that, thanks for reminding. Thanks, Jackie > > Ross -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
