[Oraclevm-errata] OVMSA-2014-0080 Important: Oracle VM 3.3 libXfont security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon Nov 24 10:55:53 PST 2014


Oracle VM Security Advisory OVMSA-2014-0080

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
libXfont-1.4.5-4.el6_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/libXfont-1.4.5-4.el6_6.src.rpm



Description of changes:

[1.4.5-4]
- CVE-2014-0209: integer overflow of allocations in font metadata file 
parsing (bug 1163602, bug 1163601)
- CVE-2014-0210: unvalidated length fields when parsing xfs protocol 
replies (bug 1163602, bug 1163601)
- CVE-2014-0211: integer overflows calculating memory needs for xfs 
replies (bug 1163602, bug 1163601)

[1.4.5-3]
- cve-2013-6462.patch: sscanf overflow (bug 1049684)
- sscanf-hardening.patch: Some other sscanf hardening fixes (1049684)





More information about the Oraclevm-errata mailing list