libXfont -- X Font Service Protocol and Font metadata file handling issues

Alan Coopersmith reports:

Ilja van Sprundel, a security researcher with IOActive, has
discovered several issues in the way the libXfont library
handles the responses it receives from xfs servers, and has
worked with X.Org’s security team to analyze, confirm, and fix
these issues.
Most of these issues stem from libXfont trusting the font server
to send valid protocol data, and not verifying that the values
will not overflow or cause other damage. This code is commonly
called from the X server when an X Font Server is active in the
font path, so may be running in a setuid-root process depending
on the X server in use. Exploits of this path could be used by
a local, authenticated user to attempt to raise privileges; or
by a remote attacker who can control the font server to attempt
to execute code with the privileges of the X server.