openSUSE-SU-2018:0343-1

Published: 01 Feb 2018
Source: suse-cvrf

Description

Security update for libXfont

This update for libXfont fixes several issues.

These security issues were fixed:

  • CVE-2017-13720: Improper check for end of string in PatternMatch caused invalid reads (bsc#1054285)
  • CVE-2017-13722: Malformed PCF file could have caused DoS or leaked information (bsc#1049692)
  • Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched, which can cause side effects (bsc#1050459)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Package list

openSUSE Leap 42.3
libXfont-1.5.1-13.1
libXfont-devel-1.5.1-13.1
libXfont-devel-32bit-1.5.1-13.1
libXfont1-1.5.1-13.1
libXfont1-32bit-1.5.1-13.1

Description

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.


Affected products
openSUSE Leap 42.3:libXfont-1.5.1-13.1
openSUSE Leap 42.3:libXfont-devel-1.5.1-13.1
openSUSE Leap 42.3:libXfont-devel-32bit-1.5.1-13.1
openSUSE Leap 42.3:libXfont1-1.5.1-13.1

References

Description

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.


Affected products
openSUSE Leap 42.3:libXfont-1.5.1-13.1
openSUSE Leap 42.3:libXfont-devel-1.5.1-13.1
openSUSE Leap 42.3:libXfont-devel-32bit-1.5.1-13.1
openSUSE Leap 42.3:libXfont1-1.5.1-13.1

References