---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: libXfont security update
Advisory ID:       RHSA-2007:0132-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0132.html
Issue date:        2007-04-03
Updated on:        2007-04-03
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1351 CVE-2007-1352 
---------------------------------------------------------------------

1. Summary:

Updated X.org libXfont packages that fix a security issue are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)

Users of X.org libXfont should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

234058 - CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
cebbaf955689613a4da4a13e70048bc9  libXfont-1.2.2-1.0.2.el5.src.rpm

i386:
4353d56aeba21ccafa8f1bbf0c657a44  libXfont-1.2.2-1.0.2.el5.i386.rpm
baec95cb7d9e1949b4ab1dfe4827720a  libXfont-debuginfo-1.2.2-1.0.2.el5.i386.rpm

x86_64:
4353d56aeba21ccafa8f1bbf0c657a44  libXfont-1.2.2-1.0.2.el5.i386.rpm
8921098af8f63c467e03faf813de0501  libXfont-1.2.2-1.0.2.el5.x86_64.rpm
baec95cb7d9e1949b4ab1dfe4827720a  libXfont-debuginfo-1.2.2-1.0.2.el5.i386.rpm
fe9f087eb1935ceb0ea544523d64abaa  libXfont-debuginfo-1.2.2-1.0.2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
cebbaf955689613a4da4a13e70048bc9  libXfont-1.2.2-1.0.2.el5.src.rpm

i386:
baec95cb7d9e1949b4ab1dfe4827720a  libXfont-debuginfo-1.2.2-1.0.2.el5.i386.rpm
a79829992fad2158b5b3f1f37e917d05  libXfont-devel-1.2.2-1.0.2.el5.i386.rpm

x86_64:
baec95cb7d9e1949b4ab1dfe4827720a  libXfont-debuginfo-1.2.2-1.0.2.el5.i386.rpm
fe9f087eb1935ceb0ea544523d64abaa  libXfont-debuginfo-1.2.2-1.0.2.el5.x86_64.rpm
a79829992fad2158b5b3f1f37e917d05  libXfont-devel-1.2.2-1.0.2.el5.i386.rpm
a4f8fc9719241360073507e5ee4f71eb  libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
cebbaf955689613a4da4a13e70048bc9  libXfont-1.2.2-1.0.2.el5.src.rpm

i386:
4353d56aeba21ccafa8f1bbf0c657a44  libXfont-1.2.2-1.0.2.el5.i386.rpm
baec95cb7d9e1949b4ab1dfe4827720a  libXfont-debuginfo-1.2.2-1.0.2.el5.i386.rpm
a79829992fad2158b5b3f1f37e917d05  libXfont-devel-1.2.2-1.0.2.el5.i386.rpm

ia64:
816dec2b8f2a72d5ab47afad494ce128  libXfont-1.2.2-1.0.2.el5.ia64.rpm
58710dd335d8c9a88d23446ce73f48b9  libXfont-debuginfo-1.2.2-1.0.2.el5.ia64.rpm
b467c7ec1bd61bdfa55118c658d64c66  libXfont-devel-1.2.2-1.0.2.el5.ia64.rpm

ppc:
1d6311c46bd83b598083d415937adb2e  libXfont-1.2.2-1.0.2.el5.ppc.rpm
0331576de1d63b54159c16564d69c098  libXfont-1.2.2-1.0.2.el5.ppc64.rpm
4dd1bfc60a0a739cb9d786762b51ca69  libXfont-debuginfo-1.2.2-1.0.2.el5.ppc.rpm
1582d43ed5db3cb3682dc003ed392d84  libXfont-debuginfo-1.2.2-1.0.2.el5.ppc64.rpm
4eb2668a3160e080ba4cd5ea5b66f553  libXfont-devel-1.2.2-1.0.2.el5.ppc.rpm
537c0b1ce6e6fa60efa9e341fa056776  libXfont-devel-1.2.2-1.0.2.el5.ppc64.rpm

s390x:
2ec26a64f65361dc4586fe48a02aedd6  libXfont-1.2.2-1.0.2.el5.s390.rpm
ff4bab53c981c8da60911edebbf7b9c6  libXfont-1.2.2-1.0.2.el5.s390x.rpm
91716ea76da2c3e189ae5fd0dd498f06  libXfont-debuginfo-1.2.2-1.0.2.el5.s390.rpm
af4cedc903ffcee19430e73e026987ca  libXfont-debuginfo-1.2.2-1.0.2.el5.s390x.rpm
10e487c8f8a608d5e73a5148789a44ce  libXfont-devel-1.2.2-1.0.2.el5.s390.rpm
3a87733755c9e8cd117aadee9eea56d1  libXfont-devel-1.2.2-1.0.2.el5.s390x.rpm

x86_64:
4353d56aeba21ccafa8f1bbf0c657a44  libXfont-1.2.2-1.0.2.el5.i386.rpm
8921098af8f63c467e03faf813de0501  libXfont-1.2.2-1.0.2.el5.x86_64.rpm
baec95cb7d9e1949b4ab1dfe4827720a  libXfont-debuginfo-1.2.2-1.0.2.el5.i386.rpm
fe9f087eb1935ceb0ea544523d64abaa  libXfont-debuginfo-1.2.2-1.0.2.el5.x86_64.rpm
a79829992fad2158b5b3f1f37e917d05  libXfont-devel-1.2.2-1.0.2.el5.i386.rpm
a4f8fc9719241360073507e5ee4f71eb  libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
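
Added example (not part of the Red Hat advisory): a shell function that checks
downloaded packages against the "checksum  filename" lines of section 6. The
function name and the idea of saving the advisory text to a local file are
assumptions. MD5 only catches a corrupted or swapped download; the GPG
signature check (rpm --checksig) remains the step that establishes trust.

```shell
#!/bin/sh
# verify_advisory_rpms ADVISORY_FILE RPM_DIR   (hypothetical helper name)
#   Prints one status line per listed package that exists in RPM_DIR.
#   Returns 0 if every file found matches its listed MD5,
#           1 if any file differs, 2 if no listed file was found at all.
verify_advisory_rpms() {
    advisory=$1
    dir=$2
    checked=0
    bad=0
    # Advisory lines look like "<32 hex digits>  <name>.rpm". The same
    # package is listed under several products, so de-duplicate. Names
    # containing "/" are rejected so a crafted list cannot leave RPM_DIR.
    list=$(grep -E '^[0-9a-f]{32} +[^ /]+\.rpm$' "$advisory" | sort -u)
    while read -r sum name; do
        [ -n "$name" ] || continue
        [ -f "$dir/$name" ] || continue      # not downloaded: skip
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $sum, got $actual)"
            bad=$((bad + 1))
        fi
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# Stand-alone use: sh verify.sh advisory.txt ./downloads
# Follow a clean result with: rpm --checksig ./downloads/*.rpm
if [ "$#" -eq 2 ]; then
    verify_advisory_rpms "$1" "$2"
fi
```
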

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
