UbuntuUpdates.org

Package "libxfont1-dbg"

Name: libxfont1-dbg

Description:

X11 font rasterisation library (debug package)

Latest version: 1:1.4.7-1ubuntu0.4
Release: trusty (14.04)
Level: security
Repository: main
Head package: libxfont

Other versions of "libxfont1-dbg" in Trusty

Repository Area Version
base main 1:1.4.7-1
updates main 1:1.4.7-1ubuntu0.4

Changelog

Version: 1:1.4.7-1ubuntu0.4 2017-11-29 19:06:44 UTC

  libxfont (1:1.4.7-1ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: non-privileged arbitrary file access
    - debian/patches/CVE-2017-16611-pre.patch: set close-on-exec for font
      file I/O in src/fontfile/fileio.c, src/fontfile/filewr.c.
    - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
      src/fontfile/dirfile.c, src/fontfile/fileio.c.
    - CVE-2017-16611

 -- Marc Deslauriers <email address hidden> Wed, 29 Nov 2017 09:48:10 -0500

CVE-2017-16611 Open files with O_NOFOLLOW
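The two CVE-2017-16611 patches above change how libXfont opens font files: file descriptors are marked close-on-exec so they cannot leak into a child process, and the final path component is opened with O_NOFOLLOW so a symlink planted in a font directory cannot redirect an unprivileged caller into a file it must not read. The following is an added example, not libXfont's own code: it applies the same two flags in a hardened open(), exercises it against a scratch directory, and contrasts it with a plain open(). The directory layout, file names and helper names are invented for the demonstration.

```c
/* Added example (not libXfont code): the O_NOFOLLOW | O_CLOEXEC open
 * pattern behind the CVE-2017-16611 fixes, exercised on a scratch
 * directory. All paths and names below are invented for the demo. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened open for a font file: O_NOFOLLOW refuses a symlink at the final
 * path component (open() fails with ELOOP), O_CLOEXEC keeps the descriptor
 * from surviving into any child the caller later exec()s.
 * Returns the fd, or -1 with errno set. */
static int font_open_hardened(const char *path)
{
    return open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
}

/* Returns 1 if FD_CLOEXEC is set on fd, 0 if it is clear, -1 on error. */
static int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : ((flags & FD_CLOEXEC) ? 1 : 0);
}

/* Creates a small constructed file at path; returns 0 on success. */
static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Layout built in a fresh temp dir:
 *   fixed.pcf          a genuine (constructed) font file
 *   secret.txt         stands in for a file the caller must not read
 *   evil.pcf -> secret.txt   a symlink an attacker planted in the font dir
 * Returns 0 when the hardened open accepts fixed.pcf with FD_CLOEXEC set,
 * refuses evil.pcf with ELOOP, and plain open() follows evil.pcf (the
 * pre-fix behaviour); otherwise the number of the step that failed. */
static int demo_nofollow(void)
{
    char dir[] = "/tmp/fontdir.XXXXXX";
    if (!mkdtemp(dir)) return 1;

    char real_path[64], link_path[64], secret[64];
    snprintf(real_path, sizeof real_path, "%s/fixed.pcf", dir);
    snprintf(link_path, sizeof link_path, "%s/evil.pcf", dir);
    snprintf(secret, sizeof secret, "%s/secret.txt", dir);

    int rc = 0, fd = -1;
    if (write_file(real_path, "constructed font bytes") != 0) { rc = 2; goto out; }
    if (write_file(secret, "constructed secret") != 0)        { rc = 3; goto out; }
    if (symlink(secret, link_path) != 0)                      { rc = 4; goto out; }

    /* Step 5: the genuine font file opens and carries FD_CLOEXEC. */
    fd = font_open_hardened(real_path);
    if (fd < 0 || fd_is_cloexec(fd) != 1) { rc = 5; goto out; }
    close(fd);
    fd = -1;

    /* Steps 6-7: the planted symlink is refused, and specifically with ELOOP. */
    fd = font_open_hardened(link_path);
    if (fd >= 0) { rc = 6; goto out; }
    if (errno != ELOOP) { rc = 7; goto out; }

    /* Step 8: for contrast, an unhardened open() follows the link into the
     * file the caller was never supposed to reach. */
    fd = open(link_path, O_RDONLY);
    if (fd < 0) { rc = 8; goto out; }

out:
    if (fd >= 0) close(fd);
    unlink(link_path);
    unlink(secret);
    unlink(real_path);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_nofollow();
    printf("demo_nofollow: %s (code %d)\n",
           rc == 0 ? "all checks passed" : "failed", rc);
    return rc;
}
```

O_NOFOLLOW only protects the last path component; a symlink in an intermediate directory is still followed, which is why the patch pairs it with opening files only from directories the server already trusts. On FreeBSD the refusal is reported as EMLINK rather than ELOOP.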

Version: 1:1.4.7-1ubuntu0.3 2017-10-10 16:06:56 UTC

  libxfont (1:1.4.7-1ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: invalid memory read in PatternMatch
    - debian/patches/CVE-2017-13720.patch: check for end of string in
      src/fontfile/fontdir.c.
    - CVE-2017-13720
  * SECURITY UPDATE: DoS or info leak via malformed PCF file
    - debian/patches/CVE-2017-13722.patch: check string boundaries in
      src/bitmap/pcfread.c.
    - CVE-2017-13722

 -- Marc Deslauriers <email address hidden> Fri, 06 Oct 2017 11:45:05 -0400

CVE-2017-13720 PatternMatch: check for end of string
CVE-2017-13722 pcfread: check string boundaries

Version: 1:1.4.7-1ubuntu0.2 2015-03-18 16:07:34 UTC

  libxfont (1:1.4.7-1ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804
  * Backport some commits from git to solve ftbfs with newer fontsproto:
    - debian/patches/ftbfs-new-fontsproto.patch
    - debian/patches/ftbfs-new-fontsproto-2.patch
 -- Marc Deslauriers <email address hidden> Wed, 18 Mar 2015 07:32:09 -0400

CVE-2015-1802 bdfReadProperties: property count needs range check
CVE-2015-1803 bdfReadCharacters: bailout if a char's bitmap cannot be read
CVE-2015-1804 bdfReadCharacters: ensure metrics fit into xCharInfo struct

Version: 1:1.4.7-1ubuntu0.1 2014-05-14 15:07:21 UTC

  libxfont (1:1.4.7-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211
 -- Marc Deslauriers <email address hidden> Tue, 13 May 2014 11:57:20 -0400

CVE-2014-0209 integer overflow of allocations in font metadata file parsing
CVE-2014-0210 unvalidated length fields when parsing xfs protocol replies
CVE-2014-0211 integer overflows calculating memory needs for xfs replies
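The 2014 and 2015 entries above fix one recurring bug class: a count or a metric read from an untrusted font file is trusted as-is, so it either overflows when multiplied into an allocation size (CVE-2014-0209, CVE-2015-1802) or is stored into a narrower struct field than it was parsed into (CVE-2015-1804). The following is an added example, not libXfont's own code, written from the changelog descriptions rather than the upstream patches: it shows the unchecked size computation wrapping on a hostile STARTPROPERTIES count, the range check that rejects it, and the fits-in-the-struct check for glyph metrics. The struct layouts, the BDF_GENPROPS constant, the sample BDF lines and all function names are invented for the demonstration.

```c
/* Added example (not libXfont code): range-checking counts and metrics
 * read from an untrusted BDF file before they are multiplied into an
 * allocation size or stored into a 16-bit field. Names, struct layouts
 * and the sample lines are constructed for the demo. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BDF_GENPROPS 6u  /* hypothetical: properties the loader adds itself */

/* Hypothetical 12-byte property record. */
struct font_prop { uint32_t name; uint32_t value; uint32_t is_string; };

/* Hypothetical per-glyph metrics with 16-bit fields. */
struct glyph_metrics { int16_t lsb, rsb, width, ascent, descent; };

/* sscanf("%d") accepts "STARTPROPERTIES 2147483647" or "-1" without
 * complaint; the range check has to happen afterwards. Returns 1 and
 * fills *n for a STARTPROPERTIES line, 0 for anything else. */
static int parse_startproperties(const char *line, int32_t *n)
{
    int v;
    if (sscanf(line, "STARTPROPERTIES %d", &v) != 1) return 0;
    *n = v;
    return 1;
}

/* Pre-fix pattern, in 32-bit arithmetic as on the i386 builds of the day:
 * (count + generated) * sizeof wraps, so a request for ~2^31 properties
 * yields a tiny allocation that the later fills run straight past. */
static uint32_t unchecked_prop_bytes32(int32_t n_props)
{
    return ((uint32_t)n_props + BDF_GENPROPS) * (uint32_t)sizeof(struct font_prop);
}

/* Post-fix pattern: reject n <= 0 and any n for which the sum and product
 * could exceed INT32_MAX, then size the allocation in size_t.
 * Returns 1 and sets *bytes on success, 0 when the count is rejected. */
static int checked_prop_bytes(int32_t n_props, size_t *bytes)
{
    if (n_props <= 0) return 0;
    if ((uint32_t)n_props > INT32_MAX / sizeof(struct font_prop) - BDF_GENPROPS)
        return 0;
    *bytes = ((size_t)n_props + BDF_GENPROPS) * sizeof(struct font_prop);
    return 1;
}

/* Metrics are parsed as int but stored as int16_t; without this check a
 * value such as 40000 is silently truncated and the glyph is later drawn
 * with a different size than the one the allocation was based on.
 * Returns 1 and fills *m, or 0 if any value does not fit. */
static int metrics_fit(int lsb, int rsb, int width, int ascent, int descent,
                       struct glyph_metrics *m)
{
    const int vals[5] = { lsb, rsb, width, ascent, descent };
    for (int i = 0; i < 5; i++)
        if (vals[i] < INT16_MIN || vals[i] > INT16_MAX) return 0;
    m->lsb = (int16_t)lsb;       m->rsb = (int16_t)rsb;
    m->width = (int16_t)width;   m->ascent = (int16_t)ascent;
    m->descent = (int16_t)descent;
    return 1;
}

/* Constructed BDF header lines: two hostile counts and one benign one. */
static const char *sample_lines[] = {
    "STARTPROPERTIES 2147483647",
    "STARTPROPERTIES -1",
    "STARTPROPERTIES 3",
};

/* Runs every sample line through the checked path; returns the number of
 * counts accepted (only the benign line should pass). */
static int count_accepted(void)
{
    int accepted = 0;
    for (size_t i = 0; i < sizeof sample_lines / sizeof *sample_lines; i++) {
        int32_t n;
        size_t bytes;
        if (!parse_startproperties(sample_lines[i], &n)) continue;
        if (checked_prop_bytes(n, &bytes)) accepted++;
    }
    return accepted;
}

int main(void)
{
    int32_t n;
    size_t bytes;
    struct glyph_metrics m;
    parse_startproperties(sample_lines[0], &n);
    printf("unchecked: %d props -> %u bytes\n", n, unchecked_prop_bytes32(n));
    printf("checked:   %s\n", checked_prop_bytes(n, &bytes) ? "accepted" : "rejected");
    printf("accepted %d of 3 sample lines\n", count_accepted());
    printf("width 40000: %s\n", metrics_fit(0, 0, 40000, 0, 0, &m) ? "fits" : "rejected");
    return 0;
}
```

With the 12-byte record used here, a count of 2147483647 plus six generated properties multiplies to 25769803836, which modulo 2^32 is 60: the unchecked path would allocate 60 bytes for over two billion records. The checked path bounds the count against INT32_MAX / sizeof(record) minus the generated properties, so neither the addition nor the multiplication can wrap in any later arithmetic on the size.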
