532 matches found
[slackware-security] libXfont
New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and 14.2 to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libXfont-1.5.1-i486-2slack14.2.txz: Rebuilt. Open files with ONOFOLLOW. CVE-2017-16611 A non-privileged X...
UBUNTU-CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...
libXfont -- permission bypass when opening files through symlinks
the freedesktop.org project reports: A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue...
Fedora Update for libXfont FEDORA-2017-b7c4334524
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for libXfont FEDORA-2017-2783ef2c63
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 25 : libXfont (2017-b7c4334524)
Security fix for CVE-2017-13720 and CVE-2017-13722 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 26 : libXfont (2017-2783ef2c63)
Security fix for CVE-2017-13720 and CVE-2017-13722 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 26 Update: libXfont-1.5.2-5.fc26
X.Org X11 libXfont runtime library...
[SECURITY] Fedora 25 Update: libXfont-1.5.2-5.fc25
X.Org X11 libXfont runtime library...
MGASA-2017-0373 Updated libxfont packages fix security vulnerabilities
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
Updated libxfont packages fix security vulnerabilities
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
[SECURITY] Fedora 27 Update: libXfont-1.5.2-5.fc27
X.Org X11 libXfont runtime library...
libxfont Denial of Service Vulnerability (CNVD-2017-30425)
libXfont is an X font processing library for servers and utilities from the X.Org Foundation. A denial of service vulnerability exists in the 'pcfGetProperties' function of the bitmap/pcfread.c file in libXfont versions 1.5.2 and earlier, and version 2.x prior to 2.0.2, which stems from the...
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...
Information disclosure
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...
CVE-2017-13720
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
CVE-2017-13720
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...
CVE-2017-13720
Summary: LibXfont (libXfont and libXfont2) contains a vulnerability in the PatternMatch function (fontfile/fontdir.c). The flaw allows a buffer over-read during font pattern matching, potentially leading to information disclosure or a crash. It affects libXfont up to 1.5.2 and libXfont2 up to 2.x...