similar to: CESA-2015:1708 Important CentOS 7 libXfont Security Update

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2015:1708 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1708.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 9856558ad51e2b739b307e54519434fd091a7eef0a3380d8e08f6bda984dbc09 libXfont-1.4.5-5.el6_7.i686.rpm

CentOS Errata and Security Advisory 2014:1870 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1870.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 4db16b52f6e2005a48f611e2634fe0be85344f8fd63c8df546ac5aa805a146aa libXfont-1.4.7-2.el7_0.i686.rpm

CentOS Errata and Security Advisory 2014:0018 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0018.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 5d177ebe7d19a7515f179bf06b534b16be5c3017b51dc32cef13f1ef45c94676 libXfont-1.2.2-1.0.5.el5_10.i386.rpm

CentOS Errata and Security Advisory 2014:0018 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0018.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: e197f6ba7f88663d651ff7fece36f0ab4439063d7267738c9bbdc86d0c39ae5e libXfont-1.4.5-3.el6_5.i686.rpm

CentOS Errata and Security Advisory 2014:1870 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1870.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 13834a3e7436e041b8455eb295055e10d6eb636d0b63ca52ca923505a46b95ac libXfont-1.4.5-4.el6_6.i686.rpm

CentOS Errata and Security Advisory 2014:1893 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1893.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: b0d5d2c56dc2794ccd036623672af58746d121b5341744c2f7c16b30120faa5c libXfont-1.2.2-1.0.6.el5_11.i386.rpm

CentOS Errata and Security Advisory 2008:0064 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0064.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 58a6afa028e71b251b828d00dac83715 libXfont-1.2.2-1.0.3.el5_1.i386.rpm a0fc6a74d8307597032f9f275dfc3f4c libXfont-1.2.2-1.0.3.el5_1.x86_64.rpm

CentOS Errata and Security Advisory 2011:1154 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1154.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: af716cc565a831e7ab6fa369c9dbacab libXfont-1.2.2-1.0.4.el5_7.i386.rpm 6be4f475ba1460cd0fe81dffb114248f libXfont-1.2.2-1.0.4.el5_7.x86_64.rpm

CentOS Errata and Security Advisory 2008:0064 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0064.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: f1bdf132265bfd9e3b3d6f020a0ec99c libXfont-1.2.2-1.0.3.el5_1.i386.rpm 27c6b0c70afbdd2bce8513f675a7a039 libXfont-devel-1.2.2-1.0.3.el5_1.i386.rpm

CentOS Errata and Security Advisory 2011:1154 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1154.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: c8be195b72f957b264035e998f19ec4d libXfont-1.2.2-1.0.4.el5_7.i386.rpm 106869c973f93ecddc4a2c3d3a5e7593 libXfont-devel-1.2.2-1.0.4.el5_7.i386.rpm

Matt Turner (1): libXfont 1.5.3 Michal Srb (2): Check for end of string in PatternMatch (CVE-2017-13720) pcfGetProperties: Check string boundaries (CVE-2017-13722) git tag: libXfont-1.5.3 https://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.3.tar.bz2 MD5: 9ba75bf38ba62a6ad52550ab716da9b3 libXfont-1.5.3.tar.bz2 SHA1: 628b8ca2207f09324b8926084318a2fa2edb16d1

Matthieu Herrb (1): libXfont 1.5.4 Michal Srb (1): Open files with O_NOFOLLOW. (CVE-2017-16611) git tag: libXfont-1.5.4 https://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.4.tar.bz2 MD5: 16eaf156edd79b68038b6a7c44aa9e9b libXfont-1.5.4.tar.bz2 SHA1: 9db050f63b9c4cb19e0dbb40575558ccb95719ca libXfont-1.5.4.tar.bz2 SHA256:

Maintenance branch release, primarily for bdftopcf's benefit as it's the only thing that really needs the Xfont1 API. (xfs uses it too, I believe, but could be ported to Xfont2). If someone wanted to step up and merge Xfont1 into bdtopcf directly, that'd be great. Adam Jackson (1):       libXfont 1.5.2 Alan Coopersmith (1):       doc: add a couple olinks to fsproto & xfs-design

Adam Jackson (1): libXfont 1.3.2 Jens Granseuer (1): fix build with gcc 2.95. Matthieu Herrb (3): catalogue.c: prevent a one character overflow ftsystem.c is not needed anymore. Fix for CVE-2008-0006 - PCF Font parser buffer overflow. Tilman Sauerbeck (1): Replaced one instance of bcopy() with memcpy(). git tag: libXfont-1.3.2

This release of libXfont provides the fixes for today's security advisory about BDF font parsing bugs. Like libXfont 1.5.0, it requires fontsproto 2.1.3 or later and will not build cleanly with older versions. Alan Coopersmith (6): Remove unneeded checks for #ifndef X_NOT_POSIX Use 'imdent' to realign cpp indentation levels in fslibos.h bdfReadProperties: property

This release of libXfont provides the fixes for today's security advisory about BDF font parsing bugs. Like libXfont 1.4.8, it requires fontsproto 2.1.2 or earlier and will not build cleanly with newer versions. Alan Coopersmith (4): bdfReadProperties: property count needs range check [CVE-2015-1802] bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]

X.Org Security Advisory: March 17, 2015 More BDF file parsing issues in libXfont ======================================== Description: ============ Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more

CentOS Errata and Security Advisory 2015:1135 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1135.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 48e10bf983d8cb8920e562c5b9782ad0bcda1ed62d33c639817c53bbe95f4584 php-5.4.16-36.el7_1.x86_64.rpm

CentOS Errata and Security Advisory 2015:0809 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0809.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 4fa9c6c27b9ade68bdb5f88352b1e5e059cb8d4a4f688407bfbb1ac2c32f9e0c java-1.8.0-openjdk-1.8.0.45-30.b13.el7_1.x86_64.rpm