Two new NetBSD security advisories: ntpd, libXfont
Two new NetBSD security advisories have been published:
See the advisories for technical details, workarounds and
proper solutions to fix the problems.
All this is fixed in NetBSD-current, patches are available
for the NetBSD 5 and 6 releases with their corresponding
- NetBSD Security Advisory 2014-001: Stack buffer overflow in libXfont:
``A stack buffer overflow in parsing of BDF font files in libXfont was
found that can easily be used to crash X programs using libXfont,
and likely could be exploited to run code with the privileges of
the X program (most notably, the X server, commonly running as root).
This vulnerability has been assigned CVE-2013-6462.''
- NetBSD Security Advisory 2014-002: ntpd used as DDoS amplifier:
``An administrative query function is getting used by
attackers to use ntp servers as traffic amplifiers.
The new version no longer offers this query option.''
[Tags: ntp, Security, X]