Bug#883929: libxfont: CVE-2017-16611: User can trigger reads on special files as root allowing for DoS

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#883929: libxfont: CVE-2017-16611: User can trigger reads on special files as root allowing for DoS
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 09 Dec 2017 14:41:44 +0100
Message-id: <[🔎] 151282690481.22546.15175872961987486387.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 883929@bugs.debian.org

Source: libxfont
Version: 1:2.0.1-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for libxfont.

CVE-2017-16611[0]:
| In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker
| can open (but not read) files on the system as root, triggering tape
| rewinds, watchdogs, or similar mechanisms that can be triggered by
| opening files.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-16611
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
[1] http://openwall.com/lists/oss-security/2017/11/28/7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: libxcursor_1.1.14-1+deb9u1_multi.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by Date: Processed: found 883929 in 1:1.5.1-1
Previous by thread: libxcursor_1.1.14-1+deb9u1_multi.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by thread: Processed: found 883929 in 1:1.5.1-1
Index(es):
- Date
- Thread