9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
83.6%
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.
A buffer overflow flaw was found in the way the libXfont library, used by
the X.Org server, handled malformed font files compressed using UNIX
compress. A malicious, local user could exploit this issue to potentially
execute arbitrary code with the privileges of the X.Org server.
(CVE-2011-2895)
Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | libxfont-devel | < 1.2.2-1.0.3.el5_6 | libXfont-devel-1.2.2-1.0.3.el5_6.i386.rpm |
RedHat | 5 | ppc64 | libxfont-devel | < 1.2.2-1.0.3.el5_6 | libXfont-devel-1.2.2-1.0.3.el5_6.ppc64.rpm |
RedHat | 5 | s390x | libxfont-devel | < 1.2.2-1.0.3.el5_6 | libXfont-devel-1.2.2-1.0.3.el5_6.s390x.rpm |
RedHat | 5 | ppc64 | libxfont | < 1.2.2-1.0.3.el5_6 | libXfont-1.2.2-1.0.3.el5_6.ppc64.rpm |
RedHat | 5 | x86_64 | libxfont | < 1.2.2-1.0.3.el5_6 | libXfont-1.2.2-1.0.3.el5_6.x86_64.rpm |
RedHat | 5 | src | libxfont | < 1.2.2-1.0.3.el5_6 | libXfont-1.2.2-1.0.3.el5_6.src.rpm |
RedHat | 5 | s390x | libxfont | < 1.2.2-1.0.3.el5_6 | libXfont-1.2.2-1.0.3.el5_6.s390x.rpm |
RedHat | 5 | x86_64 | libxfont-devel | < 1.2.2-1.0.3.el5_6 | libXfont-devel-1.2.2-1.0.3.el5_6.x86_64.rpm |
RedHat | 5 | ppc | libxfont-devel | < 1.2.2-1.0.3.el5_6 | libXfont-devel-1.2.2-1.0.3.el5_6.ppc.rpm |
RedHat | 5 | ia64 | libxfont-devel | < 1.2.2-1.0.3.el5_6 | libXfont-devel-1.2.2-1.0.3.el5_6.ia64.rpm |