漏洞信息详情

XFree86未名的Fontfile Buffer Overrun漏洞

• CNNVD编号：CNNVD-200403-028
• 危害等级： 高危
  
• CVE编号： CVE-2004-0106
• 漏洞类型： 边界条件错误
• 发布时间： 2004-03-03
• 威胁类型： 本地
• 更新时间： 2005-10-28
• 厂        商： openbsd
• 漏洞来源： Discovery of this ...

漏洞简介

XFree86 4.1.0到4.3.0版本存在多个未知的漏洞。该漏洞与字体文件的处理不当有关。

漏洞公告

SCO has released advisory SCOSA-2004.2 and updates to address this issue. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates. OpenBSD Project has released fixes to address this issue. Fixes are linked below. SGI has released an advisory 20040203-01-U to address this and other issues in SGI ProPack 2.4 and ProPack 2.3. Please see the referenced advisory for more information. Fixes are available below. Turbolinux have released an advisory (TLSA-2004-5) and fixes to address this issue. Affected users are advised to apply the appropriate updates as soon as possible. Further information regarding obtaining and applying these updates can be found in the referenced advisory. Red Hat has released an advisory (RHSA-2004:060-16) and fixes to address this issue in enterprise products. Customers who are subscribed to the Red Hat Network may run "up2date" to obtain fixes. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory. Red Hat has released a Fedora advisory (FEDORA-2004-069) and fixes to address this issue. Users who are running Fedora may run "up2date" to obtain fixes. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory. Mandrake has released an advisory (MDKSA-2004:012) and fixes to address this issue. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory. Slackware have released an advisory (SSA:2004-043-02) and fixes to address this issue. Please see referenced advisory for further details regarding the application of relevant fixes. Immunix have released an advisory (IMNX-2004-73-002-01) and fixes to address this issue. Customers who are running Immunix 7.3 may run "up2date -u", to obtain fixes. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory. RedHat has released an advisory (RHSA-2004:059-01) and fixes to address this issue. See the referenced advisory for links to fixed packages. Debian has released an advisory (DSA 443-1) and fixes to address this issue. See the referenced advisory for fix information. Conectiva advisory CLA-2004:821 has bee released dealing with this issue. Please see the reference section for more information. SuSE has released advisory SuSE-SA:2004:006 to address this issue. Please see the attached advisory for details on obtaining and applying fixes. HP has released an advisory (HPSBUX01018) with fixes to address this issue. The advisory can be obtained from the following location, however, IT resource center authentication credentials are required: http://your.hp.com/m/S.asp?HB13370677735X3451007X362981 Fedora Legacy has released advisory FLSA-2005:2314 dealing with this and other issues for the Fedora Core 1 and RedHat Linux packages. Please see the referenced advisory for more information. OpenBSD OpenBSD 3.3

• OpenBSD 017_font.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch

OpenBSD OpenBSD 3.4

• OpenBSD 012_font.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch

HP HP-UX 11.0

• HP PHSS_30181Patch is available from: HP-UX Security Patch Matrix
• HP PHSS_30477Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.0 4

• HP PHSS_30586Patch is available from: HP-UX Security Patch Matrix
• HP PHSS_30706Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.11

• HP PHSS_30173 Patch is available from: HP-UX Security Patch Matrix
• HP PHSS_30478Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.22

• HP PHSS_30172Patch is available from: HP-UX Security Patch Matrix
• HP PHSS_30479Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.23

• HP PHSS_30171Patch is available from: HP-UX Security Patch Matrix
• HP PHSS_30480Patch is available from: HP-UX Security Patch Matrix

SGI ProPack 2.3

• SGI patch10051.tar.gz ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0051.tar.gz

SGI ProPack 2.4

• SGI patch10051.tar.gz ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0051.tar.gz

XFree86 X11R6 4.1 .0

• Debian lbxproxy_4.1.0-16woody2_mips.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody2_mips.deb
• Debian lbxproxy_4.1.0-16woody2_mipsel.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody2_mipsel.deb
• Debian lbxproxy_4.1.0-16woody3_alpha.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody3_alpha.deb
• Debian lbxproxy_4.1.0-16woody3_arm.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody3_arm.deb
• Debian lbxproxy_4.1.0-16woody3_hppa.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody3_hppa.deb
• Debian lbxproxy_4.1.0-16woody3_i386.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody3_i386.deb
• Debian lbxproxy_4.1.0-16woody3_ia64.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody3_ia64.deb
• Debian lbxproxy_4.1.0-16woody3_m68k.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0- 16woody3_m68k.deb
• Debian lbxproxy_4.1.0-16woody3_powerpc.debDebian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/x/xfree86

参考网址

来源: SLACKWARE 名称: SSA:2004-043 链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053 来源: REDHAT 名称: RHSA-2004:061 链接:http://www.redhat.com/support/errata/RHSA-2004-061.HTML 来源: REDHAT 名称: RHSA-2004:060 链接:http://www.redhat.com/support/errata/RHSA-2004-060.HTML 来源: XF 名称: xfree86-multiple-font-improper-handling(15206) 链接:http://xforce.iss.net/xforce/xfdb/15206 来源: REDHAT 名称: RHSA-2004:059 链接:http://www.redhat.com/support/errata/RHSA-2004-059.HTML 来源: SUSE 名称: SuSE-SA:2004:006 链接:http://www.novell.com/linux/security/advisories/2004_06_xf86.HTML 来源: DEBIAN 名称: DSA-443 链接:http://www.debian.org/security/2004/dsa-443 来源: OVAL 名称: oval:org.mitre.oval:def:11111 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11111 来源: MANDRAKE 名称: MDKSA-2004:012 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:012 来源: FEDORA 名称: FLSA:2314 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110979666528890&w=2 来源: CONECTIVA 名称: CLA-2004:821 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 来源: US Government Resource: oval:org.mitre.oval:def:832 名称: oval:org.mitre.oval:def:832 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:832 来源: US Government Resource: oval:org.mitre.oval:def:809 名称: oval:org.mitre.oval:def:809 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:809

受影响实体

• Openbsd Openbsd:3.3  
• Openbsd Openbsd:3.4  

补丁

暂无