Medium: libXfont

Issue Overview:

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Affected Packages:

libXfont

Issue Correction:
Run yum update libXfont to update your system.

New Packages:

i686:  
    libXfont-1.4.5-3.9.amzn1.i686  
    libXfont-devel-1.4.5-3.9.amzn1.i686  
    libXfont-debuginfo-1.4.5-3.9.amzn1.i686  
  
src:  
    libXfont-1.4.5-3.9.amzn1.src  
  
x86_64:  
    libXfont-1.4.5-3.9.amzn1.x86_64  
    libXfont-debuginfo-1.4.5-3.9.amzn1.x86_64  
    libXfont-devel-1.4.5-3.9.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211

Mitre: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211