Bug 12237 - libxfont new security issue CVE-2013-6462
Summary: libxfont new security issue CVE-2013-6462
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/579639/
Whiteboard: advisory mga3-32-OK mga3-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2014-01-07 23:29 CET by David Walser
Modified: 2014-01-21 17:41 CET

See Also:
Source RPM: libxfont-1.4.5-3.mga3.src.rpm
CVE:
Status comment:



Description David Walser 2014-01-07 23:29:25 CET
Debian has issued an advisory today (January 7):
https://lists.debian.org/debian-security-announce/2014/msg00006.html

More info, including a patch, is available in the upstream announcement:
http://permalink.gmane.org/gmane.comp.security.oss.general/11814

The issue is also fixed upstream in 1.4.7.

David Walser 2014-01-07 23:29:40 CET

CC: (none) => thierry.vignaud
Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-01-08 22:28:42 CET
Better link for the upstream announcement:
http://lists.x.org/archives/xorg-announce/2014-January/002389.html
David Walser 2014-01-08 22:51:00 CET

URL: (none) => http://lwn.net/Vulnerabilities/579639/

Comment 2 Thierry Vignaud 2014-01-09 12:13:56 CET
Fix in progress
Comment 3 Thierry Vignaud 2014-01-09 16:17:16 CET
Done

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2014-01-09 16:27:02 CET
libxfont-1.4.7-1.mga4 uploaded for Cauldron.

Not fixed yet, as there's still Mageia 3.

Status: RESOLVED => REOPENED
Version: Cauldron => 3
Resolution: FIXED => (none)
Whiteboard: MGA3TOO => (none)

Comment 5 David Walser 2014-01-09 17:40:27 CET
Patched package uploaded for Mageia 3.

Advisory:
========================

Updated libxfont packages fix security vulnerability:

It was discovered that a buffer overflow in the processing of Glyph Bitmap
Distribution fonts (BDF) could result in the execution of arbitrary code
(CVE-2013-6462).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
http://lists.x.org/archives/xorg-announce/2014-January/002389.html
http://www.debian.org/security/2014/dsa-2838
========================

Updated packages in core/updates_testing:
========================
libxfont1-1.4.5-3.1.mga3
libxfont1-devel-1.4.5-3.1.mga3
libxfont1-static-devel-1.4.5-3.1.mga3

from libxfont-1.4.5-3.1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Thierry Vignaud 2014-01-09 17:50:10 CET

CC: thierry.vignaud => (none)

Comment 6 David Walser 2014-01-09 21:32:25 CET
As noted in the Ubuntu advisory, the arbitrary code execution shouldn't actually be possible due to compiler options used to build this, so it's just a denial of service vulnerability (malicious font could cause the X server to crash).
http://www.ubuntu.com/usn/usn-2078-1/
Comment 7 David Walser 2014-01-17 14:50:29 CET
*** Bug 12339 has been marked as a duplicate of this bug. ***
Comment 8 Bill Wilkinson 2014-01-19 01:55:02 CET
Checked Securityfocus, no specific PoC, just "Attackers can use readily available tools to exploit this issue"

Testing mga3-32 for installation/general use.

CC: (none) => wrw105

Comment 9 Bill Wilkinson 2014-01-19 02:11:15 CET
Mga3-32 tested, no adverse effects on font display.

Whiteboard: (none) => mga3-32-OK

Comment 10 Bill Wilkinson 2014-01-19 02:24:35 CET
Mga3-64 tested, no adverse effects on font display.

This just needs advisory uploaded to svn.

Whiteboard: mga3-32-OK => mga3-32-OK mga3-64-OK

Comment 11 claire robinson 2014-01-20 09:12:51 CET
Advisory uploaded. Validating.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks

Keywords: (none) => validated_update
Whiteboard: mga3-32-OK mga3-64-OK => advisory mga3-32-OK mga3-64-OK
CC: (none) => sysadmin-bugs

Comment 12 Thomas Backlund 2014-01-21 17:41:08 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0020.html

Status: REOPENED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

