Detections
Analytics
openSUSE Security Update : libXfont (openSUSE-2015-266)
high Nessus Plugin ID 82424
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
libXFont was updated to fix three vulnerabilities when parsing BDF files (bnc#921978)As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server.
The following vulnerabilities were fixed :
- The BDF parser could allocate the a wrong buffer size, leading to out of bound writes (CVE-2015-1802)
- The BDF parser could crash when trying to read an invalid pointer (CVE-2015-1803)
- The BDF parser could read 32 bit metrics values into 16 bit integers, causing an out-of-bound memory access though integer overflow (CVE-2015-1804)
Solution
Update the affected libXfont packages.See Also
Plugin Details
Severity: High
ID: 82424
File Name: openSUSE-2015-266.nasl
Version: 1.3
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/30/2015
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 8.5
Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:libxfont-debugsource, p-cpe:/a:novell:opensuse:libxfont-devel, p-cpe:/a:novell:opensuse:libxfont-devel-32bit, p-cpe:/a:novell:opensuse:libxfont1, p-cpe:/a:novell:opensuse:libxfont1-32bit, p-cpe:/a:novell:opensuse:libxfont1-debuginfo, p-cpe:/a:novell:opensuse:libxfont1-debuginfo-32bit, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 3/20/2015