USN-2211-1: libXfont vulnerabilities
14 May 2014
Several security issues were fixed in libXfont.
- libxfont - X11 font rasterisation library
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted data
that could cause libXfont to crash, or possibly execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to reboot your computer to make
all the necessary changes.