LibXfont, TightVNC: Multiple vulnerabilities

LibXfont, TightVNC: Multiple vulnerabilities Multiple vulnerabilities have been reported in libXfont and TightVNC, allowing for the execution of arbitrary code with root privileges. tightvnc, libxfont May 08, 2007 May 08, 2007: 01 172575 174200 local 1.2.9-r4 1.2.9-r4 1.2.7-r1 1.2.7-r1

LibXfont is the X.Org font library. TightVNC is a VNC client/server for X displays.

The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected.

A local attacker could use a specially crafted BDF Font to gain root privileges on the vulnerable host.

There is no known workaround at this time.

All libXfont users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.7-r1"

All TightVNC users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tightvnc-1.2.9-r4"

CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 jaervosz vorlon p-y