[El-errata] ELSA-2014-1893 Important: Oracle Linux 5 libXfont security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Nov 24 19:24:31 PST 2014


Oracle Linux Security Advisory ELSA-2014-1893

https://rhn.redhat.com/errata/RHSA-2014-1893.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm

x86_64:
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-1.2.2-1.0.6.el5_11.x86_64.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.x86_64.rpm

ia64:
libXfont-1.2.2-1.0.6.el5_11.ia64.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/libXfont-1.2.2-1.0.6.el5_11.src.rpm



Description of changes:

[1.2.2-1.0.6]
- CVE-2014-0209: integer overflow of allocations in font metadata file 
parsing (bug 1163602, bug 1163601)
- CVE-2014-0210: unvalidated length fields when parsing xfs protocol 
replies (bug 1163602, bug 1163601)
- CVE-2014-0211: integer overflows calculating memory needs for xfs 
replies (bug 1163602, bug 1163601)





More information about the El-errata mailing list