             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
             __________________________________________________________

                             INFORMATION BULLETIN

                           libXfont Security Update
                         [Red Hat RHSA-2007:0132-3]

April 4, 2007 18:00 GMT                                           Number R-196
                                                        [REVISED 19 Apr 2007]
                                                        [REVISED 10 Jan 2008]
______________________________________________________________________________

PROBLEM:       There are two integer overflows in the way X.org handled
               various font files.

PLATFORM:      Red Hat Desktop (v. 3, v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4)
               RHEL Desktop Workstation (v. 5 client)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Debian GNU/Linux 4.0 (stable)

DAMAGE:        Could potentially execute arbitrary code with the privileges
               of the X.org server.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________

VULNERABILITY  The risk is MEDIUM. A malicious local user could exploit these
ASSESSMENT:    issues to potentially execute arbitrary code with the
               privileges of the X.org server.
______________________________________________________________________________

LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-196.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0132.html
 ADDITIONAL LINKS:   https://rhn.redhat.com/errata/RHSA-2007-0150.html
                     http://www.debian.org/security/2008/dsa-1454
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2007-1351
                     CVE-2007-1352
______________________________________________________________________________

REVISION HISTORY:
 04/19/2007 - revised R-196 to add a link to Red Hat RHSA-2007:0150-2 for
              Red Hat Desktop (v. 3, v. 4), Red Hat Enterprise Linux AS, ES,
              WS (v. 2.1, v. 3, v. 4), Red Hat Linux Advanced Workstation 2.1
              for the Itanium Processor, RHEL Desktop Workstation (v. 5
              client), Red Hat Enterprise Linux (v. 5 server), and Red Hat
              Enterprise Linux Desktop (v. 5 client).
 01/10/2008 - revised R-196 to add a link to Debian Security Advisory
              DSA-1454-1 for Debian GNU/Linux 4.0 (stable).

[***** Start Red Hat RHSA-2007:0132-3 *****]

Important: libXfont security update

Advisory:         RHSA-2007:0132-3
Type:             Security Advisory
Severity:         Important
Issued on:        2007-04-03
Last updated on:  2007-04-03

Affected Products:
  RHEL Desktop Workstation (v. 5 client)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux Desktop (v. 5 client)

OVAL:  com.redhat.rhsa-20070132.xml

CVEs (cve.mitre.org):
  CVE-2007-1351
  CVE-2007-1352

Details

Updated X.org libXfont packages that fix a security issue are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat
Security Response Team.

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user interfaces
are designed upon.

iDefense reported two integer overflows in the way X.org handled various font
files. A malicious local user could exploit these issues to potentially
execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)

Users of X.org libXfont should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
--------------------------------------------------------------------------------

IA-32:
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm    a79829992fad2158b5b3f1f37e917d05

x86_64:
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm    a79829992fad2158b5b3f1f37e917d05
libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm  a4f8fc9719241360073507e5ee4f71eb

Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------

SRPMS:
libXfont-1.2.2-1.0.2.el5.src.rpm           cebbaf955689613a4da4a13e70048bc9

IA-32:
libXfont-1.2.2-1.0.2.el5.i386.rpm          4353d56aeba21ccafa8f1bbf0c657a44
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm    a79829992fad2158b5b3f1f37e917d05

IA-64:
libXfont-1.2.2-1.0.2.el5.ia64.rpm          816dec2b8f2a72d5ab47afad494ce128
libXfont-devel-1.2.2-1.0.2.el5.ia64.rpm    b467c7ec1bd61bdfa55118c658d64c66

PPC:
libXfont-1.2.2-1.0.2.el5.ppc.rpm           1d6311c46bd83b598083d415937adb2e
libXfont-1.2.2-1.0.2.el5.ppc64.rpm         0331576de1d63b54159c16564d69c098
libXfont-devel-1.2.2-1.0.2.el5.ppc.rpm     4eb2668a3160e080ba4cd5ea5b66f553
libXfont-devel-1.2.2-1.0.2.el5.ppc64.rpm   537c0b1ce6e6fa60efa9e341fa056776

s390x:
libXfont-1.2.2-1.0.2.el5.s390.rpm          2ec26a64f65361dc4586fe48a02aedd6
libXfont-1.2.2-1.0.2.el5.s390x.rpm         ff4bab53c981c8da60911edebbf7b9c6
libXfont-devel-1.2.2-1.0.2.el5.s390.rpm    10e487c8f8a608d5e73a5148789a44ce
libXfont-devel-1.2.2-1.0.2.el5.s390x.rpm   3a87733755c9e8cd117aadee9eea56d1

x86_64:
libXfont-1.2.2-1.0.2.el5.i386.rpm          4353d56aeba21ccafa8f1bbf0c657a44
libXfont-1.2.2-1.0.2.el5.x86_64.rpm        8921098af8f63c467e03faf813de0501
libXfont-devel-1.2.2-1.0.2.el5.i386.rpm    a79829992fad2158b5b3f1f37e917d05
libXfont-devel-1.2.2-1.0.2.el5.x86_64.rpm  a4f8fc9719241360073507e5ee4f71eb

Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------

SRPMS:
libXfont-1.2.2-1.0.2.el5.src.rpm           cebbaf955689613a4da4a13e70048bc9

IA-32:
libXfont-1.2.2-1.0.2.el5.i386.rpm          4353d56aeba21ccafa8f1bbf0c657a44

x86_64:
libXfont-1.2.2-1.0.2.el5.i386.rpm          4353d56aeba21ccafa8f1bbf0c657a44
libXfont-1.2.2-1.0.2.el5.x86_64.rpm        8921098af8f63c467e03faf813de0501

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

234058 - CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0132-3 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

R-186: Lookup-el
R-187: OpenOffice.org Security Update
R-188: InterActual Player SyscheckObject ActiveX Vulnerability
R-189: tcpdump Security Vulnerability
R-190: Network Audio System Vulnerabilities
R-191: Multiple Cisco Unified CallManager and Presence Server Denial of
       Service Vulnerabilities
R-192: Vulnerabilities in Graphics Rendering Engine (GDI)
R-193: krb5 Security Update
R-194: XFree86 Security Update
R-195: xorg-x11-server Security Update
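The Details section above reports two integer overflows in X.org's handling of font files but, being an advisory, does not show what that defect class looks like in a parser. The C program below is an added illustration written for this page; it is not libXfont code, does not reproduce the actual CVE-2007-1351/CVE-2007-1352 bugs, and its two-field glyph-table header and sample files are constructed for the example. It puts the unchecked pattern (an allocation size formed from two file-controlled 32-bit fields, wrapping modulo 2^32) next to a checked version that refuses the file before allocating.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Hypothetical glyph-table header, constructed for this example.
 * It is NOT the layout of any real X.org font format.
 */
typedef struct {
    uint32_t glyph_count;     /* number of glyphs the file claims to hold */
    uint32_t bytes_per_glyph; /* size of each glyph bitmap the file claims */
} glyph_table_hdr;

/* Read a little-endian uint32 from an untrusted byte buffer. */
static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Unchecked pattern: the allocation size is the product of two file-controlled
 * 32-bit fields computed in 32-bit arithmetic. The product wraps modulo 2^32,
 * so a large count yields a small allocation that a later copy overruns.
 */
uint32_t unchecked_table_size(uint32_t count, uint32_t per) {
    return count * per; /* unsigned wrap; no way to report an error */
}

/*
 * Checked pattern: prove count * per fits in size_t before multiplying, then
 * prove that many bytes are actually present in the input.
 * Returns 0 on success (size in *out), -1 on overflow or truncated input.
 */
int checked_table_size(uint32_t count, uint32_t per, size_t avail, size_t *out) {
    if (count == 0 || per == 0) { *out = 0; return 0; }
    if (count > SIZE_MAX / per) return -1;   /* product would not fit size_t */
    size_t need = (size_t)count * per;
    if (need > avail) return -1;             /* file is shorter than it claims */
    *out = need;
    return 0;
}

/*
 * Parse a constructed font blob: 8-byte header followed by glyph data.
 * Returns a heap copy of the glyph data (caller frees) and sets *len,
 * or NULL when the header is inconsistent with the buffer.
 */
unsigned char *parse_glyph_table(const unsigned char *buf, size_t buflen, size_t *len) {
    if (buflen < 8) return NULL;
    glyph_table_hdr h;
    h.glyph_count = rd_le32(buf);
    h.bytes_per_glyph = rd_le32(buf + 4);
    size_t need;
    if (checked_table_size(h.glyph_count, h.bytes_per_glyph, buflen - 8, &need) != 0)
        return NULL;
    unsigned char *glyphs = malloc(need ? need : 1);
    if (!glyphs) return NULL;
    memcpy(glyphs, buf + 8, need);
    *len = need;
    return glyphs;
}

int main(void) {
    /* constructed sample: 2 glyphs of 4 bytes each, followed by 8 bytes of bitmap */
    const unsigned char good[] = {2,0,0,0, 4,0,0,0, 1,2,3,4, 5,6,7,8};
    size_t n = 0;
    unsigned char *g = parse_glyph_table(good, sizeof good, &n);
    printf("well-formed file: %s, %zu glyph bytes\n", g ? "accepted" : "rejected", n);
    free(g);

    /* constructed hostile header: 0x40000000 glyphs * 4 bytes = 2^32, wraps to 0 */
    const unsigned char bad[] = {0,0,0,0x40, 4,0,0,0, 0xAA,0xBB};
    printf("unchecked size for hostile header: %u\n",
           unchecked_table_size(0x40000000u, 4u));
    g = parse_glyph_table(bad, sizeof bad, &n);
    printf("hostile file: %s\n", g ? "accepted" : "rejected");
    free(g);
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run; the well-formed sample is accepted with 8 glyph bytes, the unchecked product for the hostile header comes out as 0, and the checked parser rejects the hostile file. The second test in checked_table_size (size against bytes actually available) is worth keeping even where the multiplication cannot overflow, because it also catches truncated files, which otherwise become an over-read in the memcpy.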