Debian Security Advisory

DSA-3194-1 libxfont -- security update

Date Reported:
17 Mar 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-1802, CVE-2015-1803, CVE-2015-1804.
More information:

Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.5-5.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your libxfont packages.