Описание
Security update for libXfont
This update for libXfont fixes several issues.
These security issues were fixed:
- CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285)
- CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692)
- Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2018:0334-1
- E-Mail link for SUSE-SU-2018:0334-1
- SUSE Security Ratings
- SUSE Bug 1049692
- SUSE Bug 1050459
- SUSE Bug 1054285
- SUSE CVE CVE-2017-13720 page
- SUSE CVE CVE-2017-13722 page
Описание
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
Затронутые продукты
Ссылки
- CVE-2017-13720
- SUSE Bug 1054285
- SUSE Bug 1159415
Описание
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.
Затронутые продукты
Ссылки
- CVE-2017-13722
- SUSE Bug 1049692
- SUSE Bug 1159415