rhsa-2011_1834
Vulnerability from csaf_redhat
Published
2011-12-19 17:47
Modified
2024-11-22 04:34
Summary
Red Hat Security Advisory: libXfont security update
Notes
Topic
Updated libXfont packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Extended Update Support.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.
A buffer overflow flaw was found in the way the libXfont library, used by
the X.Org server, handled malformed font files compressed using UNIX
compress. A malicious, local user could exploit this issue to potentially
execute arbitrary code with the privileges of the X.Org server.
(CVE-2011-2895)
Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated libXfont packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", "title": "Topic" }, { "category": "general", "text": "The libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:1834", "url": "https://access.redhat.com/errata/RHSA-2011:1834" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "725760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760" }, { "category": "external", "summary": "727624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1834.json" } ], "title": "Red Hat Security Advisory: libXfont security update", "tracking": { "current_release_date": "2024-11-22T04:34:12+00:00", "generator": { "date": "2024-11-22T04:34:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2011:1834", "initial_release_date": "2011-12-19T17:47:00+00:00", "revision_history": [ { "date": "2011-12-19T17:47:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-12-19T17:51:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T04:34:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux EUS (v. 5.6 server)", "product": { "name": "Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:5.6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64", "product": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64", "product_id": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-devel@1.2.2-1.0.3.el5_6?arch=ia64" } } }, { "category": "product_version", "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64", "product": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64", "product_id": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-debuginfo@1.2.2-1.0.3.el5_6?arch=ia64" } } }, { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.ia64", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.ia64", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64", "product": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64", "product_id": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-devel@1.2.2-1.0.3.el5_6?arch=ppc64" } } }, { "category": "product_version", "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64", "product": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64", "product_id": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-debuginfo@1.2.2-1.0.3.el5_6?arch=ppc64" } } }, { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.ppc64", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.ppc64", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc", "product": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc", "product_id": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-devel@1.2.2-1.0.3.el5_6?arch=ppc" } } }, { "category": "product_version", "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc", "product": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc", "product_id": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-debuginfo@1.2.2-1.0.3.el5_6?arch=ppc" } } }, { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.ppc", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.ppc", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x", "product": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x", "product_id": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-devel@1.2.2-1.0.3.el5_6?arch=s390x" } } }, { "category": "product_version", "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x", "product": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x", "product_id": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-debuginfo@1.2.2-1.0.3.el5_6?arch=s390x" } } }, { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.s390x", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.s390x", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390", "product": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390", "product_id": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-devel@1.2.2-1.0.3.el5_6?arch=s390" } } }, { "category": "product_version", "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390", "product": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390", "product_id": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-debuginfo@1.2.2-1.0.3.el5_6?arch=s390" } } }, { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.s390", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.s390", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.i386", "product": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.i386", "product_id": "libXfont-devel-0:1.2.2-1.0.3.el5_6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-devel@1.2.2-1.0.3.el5_6?arch=i386" } } }, { "category": "product_version", "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386", "product": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386", "product_id": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-debuginfo@1.2.2-1.0.3.el5_6?arch=i386" } } }, { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.i386", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.i386", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64", "product": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64", "product_id": "libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-devel@1.2.2-1.0.3.el5_6?arch=x86_64" } } }, { "category": "product_version", "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64", "product": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64", "product_id": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont-debuginfo@1.2.2-1.0.3.el5_6?arch=x86_64" } } }, { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.x86_64", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.x86_64", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libXfont-0:1.2.2-1.0.3.el5_6.src", "product": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.src", "product_id": "libXfont-0:1.2.2-1.0.3.el5_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libXfont@1.2.2-1.0.3.el5_6?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.i386" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.i386", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ia64" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.ia64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.ppc", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc64" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.ppc64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.s390", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390x" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.s390x", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.src as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.src" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.src", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-0:1.2.2-1.0.3.el5_6.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.x86_64" }, "product_reference": "libXfont-0:1.2.2-1.0.3.el5_6.x86_64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386" }, "product_reference": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64" }, "product_reference": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc" }, "product_reference": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64" }, "product_reference": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390" }, "product_reference": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x" }, "product_reference": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64" }, "product_reference": "libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.i386" }, "product_reference": "libXfont-devel-0:1.2.2-1.0.3.el5_6.i386", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64" }, "product_reference": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc" }, "product_reference": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64" }, "product_reference": "libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390" }, "product_reference": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x" }, "product_reference": "libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x", "relates_to_product_reference": "5Server-5.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.6 server)", "product_id": "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64" }, "product_reference": "libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64", "relates_to_product_reference": "5Server-5.6.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-2895", "discovery_date": "2011-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "727624" } ], "notes": [ { "category": "description", "text": "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.", "title": "Vulnerability description" }, { "category": "summary", "text": "BSD compress LZW decoder buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.src", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.x86_64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-2895" }, { "category": "external", "summary": "RHBZ#727624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-2895", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2895", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2895" } ], "release_date": "2011-08-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-12-19T17:47:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.src", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.x86_64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1834" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.src", "5Server-5.6.EUS:libXfont-0:1.2.2-1.0.3.el5_6.x86_64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-debuginfo-0:1.2.2-1.0.3.el5_6.x86_64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.i386", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ia64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.ppc64", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.s390x", "5Server-5.6.EUS:libXfont-devel-0:1.2.2-1.0.3.el5_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "BSD compress LZW decoder buffer overflow" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.