[20140108]
Two new NetBSD security advisories: ntpd, libXfont
Two new NetBSD security advisories have been published:
- NetBSD Security Advisory 2014-001: Stack buffer overflow in libXfont:
``A stack buffer overflow in parsing of BDF font files in libXfont was
found that can easily be used to crash X programs using libXfont,
and likely could be exploited to run code with the privileges of
the X program (most notably, the X server, commonly running as root).
This vulnerability has been assigned CVE-2013-6462.''
- NetBSD Security Advisory 2014-002: ntpd used as DDoS amplifier:
``An administrative query function is getting used by
attackers to use ntp servers as traffic amplifiers.
The new version no longer offers this query option.''
See the advisories for technical details, workarounds and
proper solutions to fix the problems.
All of this is fixed in NetBSD-current, and patches are available
for the NetBSD 5 and 6 releases with their corresponding
development branches.
[Tags: ntp, Security, X]