532 matches found
GLSA-201801-10 : LibXfont, LibXfont2: Arbitrary file access
The remote host is affected by the vulnerability described in GLSA-201801-10 LibXfont, LibXfont2: Arbitrary file access It was discovered that libXfont incorrectly followed symlinks when opening font files. Impact : A local unprivileged user could use this flaw to cause the X server to access...
FreeBSD : libXfont -- permission bypass when opening files through symlinks (08a125f3-e35a-11e7-a293-54e1ad3d6335)
the freedesktop.org project reports : A non-privileged X client can instruct X server running under root to open any file by creating own directory with 'fonts.dir', 'fonts.alias' or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue...
FreeBSD : libXfont -- multiple memory leaks (3b9590a1-e358-11e7-a293-54e1ad3d6335)
The freedesktop.org project reports : If a pattern contains '?' character, any character in the string is skipped, even if it is '\0'. The rest of the matching then reads invalid memory. Without the checks a malformed PCF file can cause the library to make atom from random heap memory that was...
openSUSE Security Update : libXfont (openSUSE-2017-1357)
This update for libXfont fixes several issues. These security issues were fixed : - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads bsc1054285 - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information bsc1049692 - Prevent the X server from...
MGASA-2017-0442 Updated libxfont/libxfont2 packages fix security vulnerability
Fixes open files with ONOFOLLOW. CVE-2017-16611...
Updated libxfont/libxfont2 packages fix security vulnerability
Fixes open files with ONOFOLLOW. CVE-2017-16611...
libXfont and libXfont2 Arbitrary File Access Vulnerabilities
libXfont and libXfont2 are both X.Org Foundation X font processing libraries for servers and utilities. A security vulnerability exists in libXfont versions prior to 1.5.4 and libXfont2 versions prior to 2.0.3. A local attacker could exploit this vulnerability to allow the X server to access...
Open redirect
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
ALPINE-CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
CVE-2017-16611
Summary: CVE-2017-16611 affects libXfont (<=1.5.4) and libXfont2 (
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
Ubuntu 14.04 LTS / 16.04 LTS : libXfont vulnerability (USN-3500-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3500-1 advisory. It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 : libXfont (SSA:2017-333-02)
New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and 14.2 to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-333-02. The text itse...
Ubuntu: Security Advisory (USN-3500-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3500-1 libxfont, libxfont1, libxfont2 vulnerability
It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files...