CentOS Errata and Security Advisory CESA-2008:0064
The libXfont package contains the X.Org X11 libXfont runtime library.
A heap-based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006)
Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2008-January/014622.html
http://lists.centos.org/pipermail/centos-announce/2008-January/014623.html
Affected packages: libXfont, libXfont-devel
Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0064.html