hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
 
[20140108] Two new NetBSD security advisories: ntpd, libXfont
Two new NetBSD security advisories have been published:
  • NetBSD Security Advisory 2014-001: Stack buffer overflow in libXfont:

    ``A stack buffer overflow in parsing of BDF font files in libXfont was found that can easily be used to crash X programs using libXfont, and likely could be exploited to run code with the privileges of the X program (most nostably, the X server, commonly running as root).

    This vulnerability has been assigned CVE-2013-6462.''

  • NetBSD Security Advisory 2014-002: ntpd used as DDoS amplifier:

    ``An administrative query function is getting used by attackers to use ntp servers as traffic amplifiers. The new version no longer offers this query option.''

See the advisories for technical details, workarounds and proper solutions to fix the problems. All this is fixed in NetBSD-current, patches are available for the NetBSD 5 and 6 releases with their corresponding development branches.

[Tags: , , ]


Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Access count: 36184259
Copyright (c) Hubert Feyrer