USN-2536-1: libXfont vulnerabilities

18 March 2015

libXfont could be made to crash or run programs as an administrator if it opened a specially crafted bdf font file.

Releases

Packages

  • libxfont - X11 font rasterisation library

Details

Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that
libXfont incorrectly handled malformed bdf fonts. A local attacker could
use this issue to cause libXfont to crash, or possibly execute arbitrary
code in order to gain privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.