A stack-based buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.
Acknowledgements: Red Hat would like to thank the X.Org security team for reporting this issue.
This issue is now public, and is noted as being fixed in libXfont 1.4.7 via the following commit:
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63
It is also noted as affecting every version of X from X11R5 to libXfont 1.4.6.
External References:
http://lists.x.org/archives/xorg-announce/2014-January/002389.html
Created libXfont tracking bugs for this issue:
Affects: fedora-all [bug 1049569]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
Via RHSA-2014:0018 https://rhn.redhat.com/errata/RHSA-2014-0018.html
Some media coverage: http://www.theregister.co.uk/2014/01/09/x11_has_privilege_escalation_bug/