Reported to Red Hat by XFree86 on 2004Feb03 via
A malicious user may craft a malformed 'font.alias' file causing a
buffer overflow upon parsing, which could lead to execution of
arbitrary code as root on the server.
Embargoed. No date for public notification set; CVE applied for.
Patch available. Errata in progress.
XFree86-4.3.0-49 built for Fedora Core 1 now
Subsequently, iDefense found another issue in the same routine with
the same consequences which has been given CVE name CAN-2004-0083.
Additionally David Dawes discovered additional flaws in reading font
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0106 to these issues.
The XFree86 4.3.0-55 update for Fedora Core 1, fixes all of the
security issues outlined in the CVE (Common Vulnerabilities and
Exposures) advisories: CAN-2004-0083, CAN-2004-0084, and
All users are urged to upgrade to this latest update.
*** Bug 115569 has been marked as a duplicate of this bug. ***