Some buffer overflows were discovered in the CID font parser, potentially resulting in the execution of arbitrary code with elevated privileges.
|Package||x11-libs/libXfont on all architectures|
|Affected versions||< 1.2.1|
|Unaffected versions||>= 1.2.1|
|Package||x11-base/xorg-x11 on all architectures|
|Affected versions||< 7.0|
|Unaffected versions||>= 7.0|
libXfont is the X.Org Xfont library, some parts are based on the FreeType code base.
Several integer overflows have been found in the CID font parser.
A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the execution of arbitrary code with the permissions of the user running the X server which typically is the root user. A local user could exploit this vulnerability to gain elevated privileges.
Disable CID-encoded Type 1 fonts by removing the "type1" module and replacing it with the "freetype" module in xorg.conf.
All libXfont users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1"
All monolithic X.org users are advised to migrate to modular X.org.
September 13, 2006
September 13, 2006: 01
local and remote