Debian Security Advisory

DLA-183-1 libxfont -- LTS security update

Date Reported:
28 Mar 2015
Affected Packages:
libxfont
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-1802, CVE-2015-1803, CVE-2015-1804.
More information:

Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.

For Debian 6 Squeeze, these issues have been fixed in libxfont version 1:1.4.1-5+deb6u1