428044 – (CVE-2008-0006) CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow

Bug 428044 (CVE-2008-0006) - CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow

Summary: CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-0006
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	428045 428046 428047 428048 428049 428050 429131 429132 429133 833924
Blocks:
TreeView+	depends on / blocked

Reported:	2008-01-08 21:35 UTC by Josh Bressers
Modified:	2022-05-16 10:18 UTC (History)
CC List:	8 users (show)
Fixed In Version:	1.3.1-2.fc8
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-01-22 15:40:15 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
FreeDesktop.org	13526	None	None	None	Never
Red Hat Product Errata	RHSA-2008:0029	normal	SHIPPED_LIVE	Important: XFree86 security update	2008-01-19 02:59:54 UTC
Red Hat Product Errata	RHSA-2008:0030	normal	SHIPPED_LIVE	Important: xorg-x11 security update	2008-01-19 02:20:50 UTC
Red Hat Product Errata	RHSA-2008:0064	normal	SHIPPED_LIVE	Important: libXfont security update	2008-01-17 20:00:37 UTC

Description Josh Bressers 2008-01-08 21:35:59 UTC

Takuya Shiozaki of CodeBlog discovered a heap based buffer overflow flaw in
X.org's PCF font handler.

This flaw is being tracked as VU#203220 by CERT.

Comment 16 Josh Bressers 2008-01-17 14:40:19 UTC

Lifting embargo:
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

Comment 18 Fedora Update System 2008-01-22 15:40:12 UTC

libXfont-1.3.1-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2008-01-22 15:59:16 UTC

libXfont-1.2.9-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Red Hat Product Security 2008-01-22 19:42:51 UTC

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0064.html
  http://rhn.redhat.com/errata/RHSA-2008-0030.html
  http://rhn.redhat.com/errata/RHSA-2008-0029.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0891
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0794

Note You need to log in before you can comment on or make changes to this bug.