Ubuntu Security Notice USN-344-1
12th September, 2006
libxfont, xorg vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
- Ubuntu 5.04
Details
iDefense security researchers found several integer overflows in
X.org's font handling library. By using a specially crafted Type1 CID
font file, a local user could exploit these to crash the X server or
execute arbitrary code with root privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
  - libxfont1 1:1.0.0-0ubuntu3.2
- Ubuntu 5.10:
  - libxfont1 1:0.99.0+cvs.20050909-1.2
- Ubuntu 5.04:
  - libfs6 6.8.2-10.4
  - xserver-xorg 6.8.2-10.4
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart your X session to
effect the necessary changes.