Security Information / 2011 / Security Information -- DSA-2293-1 libxfont

Debian Security Advisory

DSA-2293-1 libxfont -- buffer overflow

Date Reported:

12 Aug 2011

Affected Packages:

libxfont

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-2895.

More information:

Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.3-2.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.1-3.

For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.

We recommend that you upgrade your libxfont packages.