Debian Security Advisory DSA 2293-1 (libxfont) Network Vulnerability

Summary

The remote host is missing an update to libxfont announced via advisory DSA 2293-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202293-1

Insight

Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files. For the oldstable distribution (lenny), this problem has been fixed in version 1.3.3-2. For the stable distribution (squeeze), this problem has been fixed in version 1.4.1-3. For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1. We recommend that you upgrade your libxfont packages.

Severity

Classification

CVE CVE-2011-2895

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 099-1 (XChat)
Debian Security Advisory DSA 074-1 (wmaker)
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
Debian Security Advisory DSA 009-1 (stunnel)
Debian Security Advisory DSA 1049-1 (ethereal)

Take action and discover your vulnerabilities