desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #107419
[Bug 1433214] Re: execution security issue
libxfont (1:1.4.99.901-1ubuntu1) vivid; urgency=medium
* SECURITY UPDATE: arbitrary code exection via invalid property count
- debian/patches/CVE-2015-1802.patch: check for integer overflow in
src/bitmap/bdfread.c.
- CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
- debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
in src/bitmap/bdfread.c.
- CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
- debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
src/bitmap/bdfread.c.
- CVE-2015-1804
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Wed, 18 Mar 2015
07:26:08 -0400
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1802
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1803
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1804
** Changed in: libxfont (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libxfont in Ubuntu.
https://bugs.launchpad.net/bugs/1433214
Title:
execution security issue
Status in libxfont package in Ubuntu:
Fix Released
Bug description:
This libXfont issue could allow attackers to execute privileges with the same rights as the X.Org Server, which is generally root. The advisory reads:
Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more issues in the parsing of BDF font files.
As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server (often root access).
The resulting CVEs are "CVE-2015-1802: bdfReadProperties: property count needs range check", "CVE-2015-1803: bdfReadCharacters: bailout if a char's bitmap cannot be read", and "CVE-2015-1804: bdfReadCharacters: ensure metrics fit into xCharInfo struct."
http://www.phoronix.com/scan.php?page=news_item&px=BDF-File-Parsing-
libXfont
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: libxfont1 1:1.4.99.901-1
ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1
Uname: Linux 3.19.0-9-generic i686
NonfreeKernelModules: nvidia
.proc.driver.nvidia.registry: Binary: ""
.proc.driver.nvidia.version:
NVRM version: NVIDIA UNIX x86 Kernel Module 346.47 Thu Feb 19 18:02:21 PST 2015
GCC version: gcc version 4.9.2 (Ubuntu 4.9.2-10ubuntu8)
ApportVersion: 2.16.2-0ubuntu3
Architecture: i386
CurrentDesktop: GNOME
Date: Tue Mar 17 18:05:30 2015
DistUpgraded: Fresh install
DistroCodename: vivid
DistroVariant: ubuntu
DkmsStatus:
nvidia-346, 346.47, 3.19.0-9-generic, i686: installed
vboxhost, 4.3.26, 3.19.0-9-generic, i686: installed
GraphicsCard:
NVIDIA Corporation GM107 [GeForce GTX 750] [10de:1381] (rev a2) (prog-if 00 [VGA controller])
Subsystem: Gigabyte Technology Co., Ltd Device [1458:362e]
Lsusb:
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 046d:c50e Logitech, Inc. Cordless Mouse Receiver
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: ASUSTEK COMPUTER INC P5W DH Deluxe
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-9-generic root=UUID=7b1f4a51-558f-468f-85e0-f815d2f791e1 ro
SourcePackage: libxfont
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/22/2010
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 3002
dmi.board.asset.tag: To Be Filled By O.E.M.
dmi.board.name: P5W DH Deluxe
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: Asset-1234567890
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd07/22/2010:svnASUSTEKCOMPUTERINC:pnP5WDHDeluxe:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5WDHDeluxe:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
dmi.product.name: P5W DH Deluxe
dmi.product.version: System Version
dmi.sys.vendor: ASUSTEK COMPUTER INC
version.compiz: compiz 1:0.9.12.1+15.04.20150303-0ubuntu1
version.libdrm2: libdrm2 2.4.59-0ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 10.5.0-0ubuntu1
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 10.5.0-0ubuntu1
version.nvidia-graphics-drivers: nvidia-graphics-drivers N/A
version.xserver-xorg-core: xserver-xorg-core 2:1.17.1-0ubuntu2
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.9.0-1ubuntu2
version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.11-1ubuntu2build1
xserver.bootTime: Tue Mar 17 07:28:42 2015
xserver.configfile: default
xserver.devices:
input Power Button KEYBOARD, id 6
input Power Button KEYBOARD, id 7
input Logitech USB RECEIVER MOUSE, id 8
input AT Translated Set 2 keyboard KEYBOARD, id 9
xserver.errors:
Failed to load module "fbdev" (module does not exist, 0)
Failed to load module "fbdev" (module does not exist, 0)
xserver.logfile: /var/log/Xorg.0.log
xserver.outputs:
xserver.version: 2:1.17.1-0ubuntu2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxfont/+bug/1433214/+subscriptions
References
