Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201711-08 ] LibXfont, LibXfont2: Multiple vulnerabilities
Date: Sat, 11 Nov 2017 15:05:35
Message-Id: 3666340.roH9fDyaCM@localhost.localdomain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201711-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: LibXfont, LibXfont2: Multiple vulnerabilities
     Date: November 11, 2017
     Bugs: #634044
       ID: 201711-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in LibXfont and LibXfont2, the
worst of which could allow attackers to cause a Denial of Service
condition.

Background
==========

X.Org Xfont library

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  x11-libs/libXfont2           < 2.0.2                    >= 2.0.2
  2  x11-libs/libXfont            < 1.5.3                    >= 1.5.3
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in LibXfont and
LibXfont2. Please review the referenced CVE identifiers for details.

Impact
======

Local attackers could obtain sensitive information or possibly cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LibXfont2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-libs/libXfont2-2.0.2"

All LibXfont users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.5.3"

References
==========

[ 1 ] CVE-2017-13720
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13720
[ 2 ] CVE-2017-13722
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13722

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201711-08

Concerns?

Attachments

File name MIME type
signature.asc application/pgp-signature
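
The "Affected packages" table and "Resolution" section above, turned into a check over a package inventory. This is an added example, not part of the advisory or of Gentoo's tooling; the function names and the sample package list are constructed, and version ordering relies on GNU `sort -V`, which approximates Portage's comparison rules.

```shell
#!/bin/sh
# Added example: classify category/name-version strings against GLSA 201711-08.
# Thresholds are taken from the advisory's "Affected packages" table.

# fixed_version NAME -> first unaffected version, or nothing if not in the GLSA
fixed_version() {
    case "$1" in
        x11-libs/libXfont2) echo "2.0.2" ;;
        x11-libs/libXfont)  echo "1.5.3" ;;
    esac
}

# version_lt A B -> success when A sorts strictly before B.
# Assumption: GNU sort -V ordering (close to, not identical to, Portage's).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status CATEGORY/NAME-VERSION -> vulnerable | unaffected | not-listed
glsa_status() {
    # Drop a trailing -rN ebuild revision: it cannot move a version across
    # a threshold that itself carries no revision.
    base=${1%-r[0-9]*}
    # The version starts at the last "-" that is followed by a digit.
    name=${base%-[0-9]*}
    ver=${base#"$name"-}
    fixed=$(fixed_version "$name")
    if [ -z "$fixed" ]; then
        echo "not-listed"
    elif version_lt "$ver" "$fixed"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# Constructed inventory (not from a real host), one package per word.
for p in x11-libs/libXfont2-2.0.1 x11-libs/libXfont-1.5.2-r1 \
         x11-libs/libXfont-1.5.3 x11-libs/libX11-1.6.5; do
    printf '%-30s %s\n' "$p" "$(glsa_status "$p")"
done
```

On a live Gentoo system, `glsa-check -t 201711-08` tests the installed package database against this advisory directly; the script is for inventories collected elsewhere.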