openSUSE-SU-2017:3256-1

Published: 08 Dec 2017
Source: suse-cvrf

Description

Security update for libXfont

This update for libXfont fixes several issues.

These security issues were fixed:

  • CVE-2017-13720: Improper check for end of string in PatternMatch caused invalid reads (bsc#1054285)
  • CVE-2017-13722: Malformed PCF file could have caused DoS or leaked information (bsc#1049692)
  • Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched, which can cause side effects (bsc#1050459)

Package list

openSUSE Leap 42.2
libXfont-1.5.1-9.3.1
libXfont-devel-1.5.1-9.3.1
libXfont-devel-32bit-1.5.1-9.3.1
libXfont1-1.5.1-9.3.1
libXfont1-32bit-1.5.1-9.3.1

Description (CVE-2017-13720)

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.


Affected products
openSUSE Leap 42.2:libXfont-1.5.1-9.3.1
openSUSE Leap 42.2:libXfont-devel-1.5.1-9.3.1
openSUSE Leap 42.2:libXfont-devel-32bit-1.5.1-9.3.1
openSUSE Leap 42.2:libXfont1-1.5.1-9.3.1


Description (CVE-2017-13722)

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.


Affected products
openSUSE Leap 42.2:libXfont-1.5.1-9.3.1
openSUSE Leap 42.2:libXfont-devel-1.5.1-9.3.1
openSUSE Leap 42.2:libXfont-devel-32bit-1.5.1-9.3.1
openSUSE Leap 42.2:libXfont1-1.5.1-9.3.1
