Overview

File _patchinfo of Package patchinfo.2823

<patchinfo>
  <issue id="857544" tracker="bnc">VUL-0: libxfont: multiple issues</issue>
  <issue id="CVE-2014-0211" tracker="cve" />
  <issue id="CVE-2014-0210" tracker="cve" />
  <issue id="CVE-2014-0209" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>michalsrb</packager>
  <description>libxfont was updated to fix multiple vulnerabilities:
- Integer overflow of allocations in font metadata file parsing (CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies (CVE-2014-0211).

These vulnerabilities could be used by a local, authenticated user to raise privileges
or by a remote attacker with control of the font server to execute code with the
privileges of the X server.
</description>
  <summary>libXfont: Fixed multiple vulnerabilities</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places