__________________________________________________________
	
						   The U.S. Department of Energy
					   Computer Incident Advisory Capability
							   ___  __ __    _     ___
							  /       |     /_\   /
							  \___  __|__  /   \  \___
				 __________________________________________________________
	
								 INFORMATION BULLETIN
	
								libXfont Security Update
							   [Red Hat RHSA-2007:0132-3]
	
	April 4, 2007 18:00 GMT                                           Number R-196
	[REVISED 19 Apr 2007]
	[REVISED 10 Jan 2008]
	______________________________________________________________________________
	PROBLEM:       There are two integer overflows in the way X.org handled 
				   various font files. 
	PLATFORM:      Red Hat Desktop (v. 3, v. 4) 
				   Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4)
				   RHEL Desktop Workstation (v. 5 client) 
				   Red Hat Enterprise Linux (v. 5 server)
				   Red Hat Enterprise Linux Desktop (v. 5 client)
				   Debian GNU/Linux 4.0 (stable)
	DAMAGE:        Could potentially execute arbitrary code with the privileges of 
				   the X.org server. 
	SOLUTION:      Upgrade to the appropriate version. 
	______________________________________________________________________________
	VULNERABILITY  The risk is MEDIUM. A malicious local user could exploit these 
	ASSESSMENT:    issues to potentially execute arbitrary code with the 
				   privileges of the X.org server. 
	______________________________________________________________________________
	LINKS: 
	 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-196.shtml
	 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0132.html
	 ADDITIONAL LINKS:   https://rhn.redhat.com/errata/RHSA-2007-0150.html
	                     http://www.debian.org/security/2008/dsa-1454
	 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
	                     CVE-2007-1351 CVE-2007-1352
	______________________________________________________________________________
	REVISION HISTORY:
	04/19/2007 - revised R-196 to add a link to Red Hat RHSA-2007:0150-2 for Red Hat Desktop
	             (v. 3, v. 4), Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4),
	             Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor, RHEL
	             Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server),
	             and Red Hat Enterprise Linux Desktop (v. 5 client).
	01/10/2008 - revised R-196 to add a link to Debian Security Advisory DSA-1454-1 for
	             Debian GNU/Linux 4.0 (stable).



	[***** Start Red Hat RHSA-2007:0132-3 *****]
	
	Important: libXfont security update
	Advisory: RHSA-2007:0132-3 
	Type: Security Advisory 
	Severity: Important 
	Issued on: 2007-04-03 
	Last updated on: 2007-04-03 
	Affected Products: RHEL Desktop Workstation (v. 5 client)
	Red Hat Enterprise Linux (v. 5 server)
	Red Hat Enterprise Linux Desktop (v. 5 client) 
	OVAL: com.redhat.rhsa-20070132.xml 
	CVEs (cve.mitre.org): CVE-2007-1351
	CVE-2007-1352
	 
	
	
	Details
	Updated X.org libXfont packages that fix a security issue are now available 
	for Red Hat Enterprise Linux 5. 
	
	This update has been rated as having important security impact by the Red 
	Hat Security Response Team.
	
	X.org is an open source implementation of the X Window System. It provides 
	the basic low-level functionality that full-fledged graphical user 
	interfaces are designed upon. 
	
	iDefense reported two integer overflows in the way X.org handled various 
	font files. A malicious local user could exploit these issues to 
	potentially execute arbitrary code with the privileges of the X.org server. 
	(CVE-2007-1351, CVE-2007-1352) 
	
	Users of X.org libXfont should upgrade to these updated packages, which 
	contain a backported patch and are not vulnerable to this issue.
	
	
	
	Solution
	Before applying this update, make sure that all previously-released 
	errata relevant to your system have been applied. 
	
	This update is available via Red Hat Network. Details on how to use 
	the Red Hat Network to apply this update are available at 
	http://kbase.redhat.com/faq/FAQ_58_10188
	
	
	Updated packages
	RHEL Desktop Workstation (v. 5 client) 
	
	--------------------------------------------------------------------------------
	 
	IA-32: 
	libXfont-devel-1.2.2-1.0.2.el5.i386.rpm     a79829992fad2158b5b3f1f37e917d05 
	  
	x86_64: 
	libXfont-devel-1.2.2-1.0.2.el5.i386.rpm     a79829992fad2158b5b3f1f37e917d05 
	libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm     a4f8fc9719241360073507e5ee4f71eb 
	  
	Red Hat Enterprise Linux (v. 5 server) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	libXfont-1.2.2-1.0.2.el5.src.rpm     cebbaf955689613a4da4a13e70048bc9 
	  
	IA-32: 
	libXfont-1.2.2-1.0.2.el5.i386.rpm     4353d56aeba21ccafa8f1bbf0c657a44 
	libXfont-devel-1.2.2-1.0.2.el5.i386.rpm     a79829992fad2158b5b3f1f37e917d05 
	  
	IA-64: 
	libXfont-1.2.2-1.0.2.el5.ia64.rpm     816dec2b8f2a72d5ab47afad494ce128 
	libXfont-devel-1.2.2-1.0.2.el5.ia64.rpm     b467c7ec1bd61bdfa55118c658d64c66 
	  
	PPC: 
	libXfont-1.2.2-1.0.2.el5.ppc.rpm     1d6311c46bd83b598083d415937adb2e 
	libXfont-1.2.2-1.0.2.el5.ppc64.rpm     0331576de1d63b54159c16564d69c098 
	libXfont-devel-1.2.2-1.0.2.el5.ppc.rpm     4eb2668a3160e080ba4cd5ea5b66f553 
	libXfont-devel-1.2.2-1.0.2.el5.ppc64.rpm     537c0b1ce6e6fa60efa9e341fa056776 
	  
	s390x: 
	libXfont-1.2.2-1.0.2.el5.s390.rpm     2ec26a64f65361dc4586fe48a02aedd6 
	libXfont-1.2.2-1.0.2.el5.s390x.rpm     ff4bab53c981c8da60911edebbf7b9c6 
	libXfont-devel-1.2.2-1.0.2.el5.s390.rpm     10e487c8f8a608d5e73a5148789a44ce 
	libXfont-devel-1.2.2-1.0.2.el5.s390x.rpm     3a87733755c9e8cd117aadee9eea56d1 
	  
	x86_64: 
	libXfont-1.2.2-1.0.2.el5.i386.rpm     4353d56aeba21ccafa8f1bbf0c657a44 
	libXfont-1.2.2-1.0.2.el5.x86_64.rpm     8921098af8f63c467e03faf813de0501 
	libXfont-devel-1.2.2-1.0.2.el5.i386.rpm     a79829992fad2158b5b3f1f37e917d05 
	libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm     a4f8fc9719241360073507e5ee4f71eb 
	  
	Red Hat Enterprise Linux Desktop (v. 5 client) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	libXfont-1.2.2-1.0.2.el5.src.rpm     cebbaf955689613a4da4a13e70048bc9 
	  
	IA-32: 
	libXfont-1.2.2-1.0.2.el5.i386.rpm     4353d56aeba21ccafa8f1bbf0c657a44 
	  
	x86_64: 
	libXfont-1.2.2-1.0.2.el5.i386.rpm     4353d56aeba21ccafa8f1bbf0c657a44 
	libXfont-1.2.2-1.0.2.el5.x86_64.rpm     8921098af8f63c467e03faf813de0501 
	  
	(The unlinked packages above are only available from the Red Hat Network)
	 
	
	
	Bugs fixed (see bugzilla for more information)
	234058 - CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
	
	
	
	References
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
	http://www.redhat.com/security/updates/classification/#important 
	
	
	--------------------------------------------------------------------------------
	These packages are GPG signed by Red Hat for security. Our key and details on how 
	to verify the signature are available from:
	https://www.redhat.com/security/team/key/#package 
	
	The Red Hat security contact is secalert@redhat.com. More contact details at 
	http://www.redhat.com/security/team/contact/
	
	
	[***** End Red Hat RHSA-2007:0132-3 *****]
	_______________________________________________________________________________
	
	CIAC wishes to acknowledge the contributions of Red Hat for the 
	information contained in this bulletin.
	_______________________________________________________________________________
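	The Red Hat bulletin reproduced above gives two things an administrator can check
	mechanically: the MD5 digest of each updated package and the fixed version-release,
	1.2.2-1.0.2.el5. The following Python script is an added example for this bulletin; it
	is not code from CIAC or Red Hat. It parses an excerpt of the package table (copied from
	the x86_64 rows above), checks a downloaded file's digest against the table, and decides
	whether an installed libXfont (as printed by "rpm -q libXfont") is at or above the fixed
	version. The version comparison is a simplified reimplementation of rpm's rpmvercmp
	(no tilde or caret handling), which is an assumption of this example, not part of the
	advisory. It complements, and does not replace, the GPG signature check Red Hat describes.

```python
"""Check a host against the libXfont advisory above (added example, constructed data)."""
import hashlib
import re
from pathlib import Path

# Rows copied from the "Updated packages" section of the advisory above
# (x86_64 server rows only; constructed excerpt for this example).
ADVISORY_PACKAGE_LINES = """
x86_64:
libXfont-1.2.2-1.0.2.el5.i386.rpm     4353d56aeba21ccafa8f1bbf0c657a44
libXfont-1.2.2-1.0.2.el5.x86_64.rpm     8921098af8f63c467e03faf813de0501
libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm     a4f8fc9719241360073507e5ee4f71eb
"""

# Fixed version-release from the advisory's package names.
FIXED_VERSION = "1.2.2"
FIXED_RELEASE = "1.0.2.el5"

PACKAGE_LINE = re.compile(r"^(\S+\.rpm)\s+([0-9a-f]{32})$")


def parse_package_table(text):
    """Map each RPM file name in an advisory package table to its MD5 digest."""
    table = {}
    for line in text.splitlines():
        m = PACKAGE_LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2)
    return table


def md5_matches(rpm_name, data, table):
    """True if the bytes of a downloaded package match the advisory digest.
    Raises KeyError when the advisory does not list that file name at all,
    which is itself a finding: the file is not one of the published packages."""
    expected = table[rpm_name]
    return hashlib.md5(data).hexdigest() == expected


def verify_rpm_file(path, table):
    """Convenience wrapper: check an on-disk package file by its file name."""
    p = Path(path)
    return md5_matches(p.name, p.read_bytes(), table)


def _segments(s):
    # rpm compares runs of digits and runs of letters as separate segments.
    return re.findall(r"[0-9]+|[a-zA-Z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no tilde/caret support).
    Numeric segments compare numerically, alpha segments lexically, a numeric
    segment sorts after an alpha one, and the string with segments left over
    is newer. Returns -1, 0 or 1 like rpm's C function."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0


def parse_nvr(nvr):
    """Split 'name-version-release' (the 'rpm -q' output format) into parts."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_version, installed_release):
    """True if an installed libXfont version-release is at or above the fixed one."""
    c = rpmvercmp(installed_version, FIXED_VERSION)
    if c != 0:
        return c > 0
    return rpmvercmp(installed_release, FIXED_RELEASE) >= 0


def assess_installed(nvr):
    """Return (package name, True if patched) for an 'rpm -q libXfont' string."""
    name, version, release = parse_nvr(nvr)
    return name, is_fixed(version, release)


if __name__ == "__main__":
    table = parse_package_table(ADVISORY_PACKAGE_LINES)
    print(f"{len(table)} package digests parsed from the advisory excerpt")
    for nvr in ("libXfont-1.2.2-1.0.1.el5", "libXfont-1.2.2-1.0.2.el5"):
        name, ok = assess_installed(nvr)
        print(f"{nvr}: {'patched' if ok else 'VULNERABLE, upgrade required'}")
```

	Feed assess_installed() the output of "rpm -q libXfont" on each host to find systems still
	below 1.2.2-1.0.2.el5; a KeyError from md5_matches() means a file that the advisory never
	published, which should be treated as untrusted rather than installed.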
	
	
	CIAC, the Computer Incident Advisory Capability, is the computer
	security incident response team for the U.S. Department of Energy
	(DOE) and the emergency backup response team for the National
	Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
	National Laboratory in Livermore, California. CIAC is also a founding
	member of FIRST, the Forum of Incident Response and Security Teams, a
	global organization established to foster cooperation and coordination
	among computer security teams worldwide.
	
	CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
	can be contacted at:
		Voice:    +1 925-422-8193 (7x24)
		FAX:      +1 925-423-8002
		STU-III:  +1 925-423-2604
		E-mail:   ciac@ciac.org
	
	Previous CIAC notices, anti-virus software, and other information are
	available from the CIAC Computer Security Archive.
	
	   World Wide Web:      http://www.ciac.org/
	   Anonymous FTP:       ftp.ciac.org
	
	PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
	communities receive CIAC bulletins.  If you are not part of these
	communities, please contact your agency's response team to report
	incidents. Your agency's team will coordinate with CIAC. The Forum of
	Incident Response and Security Teams (FIRST) is a world-wide
	organization. A list of FIRST member organizations and their
	constituencies can be obtained via WWW at http://www.first.org/.
	
	This document was prepared as an account of work sponsored by an
	agency of the United States Government. Neither the United States
	Government nor the University of California nor any of their
	employees, makes any warranty, express or implied, or assumes any
	legal liability or responsibility for the accuracy, completeness, or
	usefulness of any information, apparatus, product, or process
	disclosed, or represents that its use would not infringe privately
	owned rights. Reference herein to any specific commercial products,
	process, or service by trade name, trademark, manufacturer, or
	otherwise, does not necessarily constitute or imply its endorsement,
	recommendation or favoring by the United States Government or the
	University of California. The views and opinions of authors expressed
	herein do not necessarily state or reflect those of the United States
	Government or the University of California, and shall not be used for
	advertising or product endorsement purposes.
	
	LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
	
	R-186: Lookup-el
	R-187: OpenOffice.org Security Update
	R-188: InterActual Player SyscheckObject ActiveX Vulnerability
	R-189: tcpdump Security Vulnerability
	R-190: Network Audio System Vulnerabilities
	R-191: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities
	R-192: Vulnerabilities in Graphics Rendering Engine (GDI)
	R-193: krb5 Security Update
	R-194: XFree86 Security Update
	R-195: xorg-x11-server Security Update