Bug 1050459 (CVE-2017-16611)

Summary: VUL-1: CVE-2017-16611: libXfont,xorg-x11-libs:: User can trigger reads on special files as root allowing for DoS
Product: [Novell Products] SUSE Security Incidents
Reporter: Johannes Segitz <jsegitz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P4 - Low
CC: meissner, msrb, tyuan
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVSSv2:SUSE:CVE-2017-16611:2.1:(AV:L/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:SUSE:CVE-2017-16611:3.3:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: Proposed patches

Comment 6 Michal Srb 2017-09-04 15:11:13 UTC
Submitted, reassigning to security team.
Comment 10 Johannes Segitz 2017-10-27 06:17:03 UTC
Created attachment 746103
Proposed patches
Comment 12 Marcus Meissner 2017-11-06 18:58:16 UTC
CVE-2017-16611
Comment 13 Tony Yuan 2017-11-14 07:07:26 UTC
I am testing the update for sle12sp2 and sle12sp3:
	xorg-x11-server-7.6_1.18.3-76.6.1
	xorg-x11-server-sdk-7.6_1.18.3-76.6.1
	xorg-x11-server-extra-7.6_1.18.3-76.6.1 


The following steps are still triggering a reboot on all vm hosts after installing the new packages above.

mkdir /tmp/fakefonts
ln -s /dev/watchdog /tmp/fakefonts/fonts.dir
xset +fp /tmp/fakefonts


Does the patch fix the bug?
Comment 14 Michal Srb 2017-11-20 09:55:33 UTC
(In reply to Tony Yuan from comment #13)
> I am testing the update for sle12sp2 and sle12sp3:
> 	xorg-x11-server-7.6_1.18.3-76.6.1
> 	xorg-x11-server-sdk-7.6_1.18.3-76.6.1
> 	xorg-x11-server-extra-7.6_1.18.3-76.6.1 

But the fix is in libXfont package on SLE12 and xorg-x11-libs package on SLE11...
Comment 15 Marcus Meissner 2017-11-20 10:08:40 UTC
I clarified this and adjusted the patchinfo to avoid this confusion.
Comment 17 Marcus Meissner 2017-11-25 11:47:03 UTC
CRD: 2017-11-28
Comment 18 Marcus Meissner 2017-11-28 15:05:44 UTC
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8


Open files with O_NOFOLLOW. (CVE-2017-16611)
A non-privileged X client can instruct an X server running under root to open any
file by creating its own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. The X server will then open
it. This can be an issue with special files such as /dev/watchdog.

Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
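
The O_NOFOLLOW behaviour named in the commit message above, as an added example that is not part of this bug thread and is not libXfont's code. The names open_font_file, opened and run_demo, the file names under /tmp, and the extra O_NONBLOCK and regular-file checks are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not libXfont's API. On Linux, O_NOFOLLOW makes open()
 * fail with ELOOP when the final path component is a symlink; parent dirs are
 * still followed. O_NONBLOCK and the S_ISREG check are added assumptions. */
int open_font_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

static int opened(int fd) { if (fd >= 0) close(fd); return fd >= 0; } /* 1 if open worked */
struct demo { int plain_ok, regular_ok, link_errno; };
/* Constructed sample: real.txt is a regular file, fonts.dir is a symlink to it. */
struct demo run_demo(void)
{
    struct demo d = { 0, 0, -1 };
    char dir[] = "/tmp/fontdemo-XXXXXX", real[64], lnk[64];
    if (!mkdtemp(dir)) return d;
    snprintf(real, sizeof real, "%s/real.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/fonts.dir", dir);
    opened(open(real, O_WRONLY | O_CREAT | O_EXCL, 0600));
    if (symlink(real, lnk) == 0) {
        d.plain_ok = opened(open(lnk, O_RDONLY));              /* plain open follows the link */
        d.regular_ok = opened(open_font_file(real));           /* regular file still accepted */
        d.link_errno = opened(open_font_file(lnk)) ? 0 : errno; /* symlink refused */
    }
    unlink(lnk); unlink(real); rmdir(dir);
    return d;
}

int main(void)
{
    struct demo d = run_demo();
    printf("plain=%d regular=%d link_errno=%d\n", d.plain_ok, d.regular_ok, d.link_errno);
    return d.link_errno == ELOOP ? 0 : 1;
}
```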
Comment 19 Michal Srb 2017-11-28 15:08:34 UTC
Submitted to OBS: https://build.opensuse.org/request/show/546248
Comment 20 Bernhard Wiedemann 2017-12-04 19:40:05 UTC
This is an autogenerated message for OBS integration:
This bug (1050459) was mentioned in
https://build.opensuse.org/request/show/548189 Factory / libXfont
https://build.opensuse.org/request/show/548190 Factory / libXfont2
Comment 21 Swamp Workflow Management 2017-12-08 23:10:37 UTC
openSUSE-SU-2017:3256-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
openSUSE Leap 42.2 (src):    libXfont-1.5.1-9.3.1
Comment 22 Swamp Workflow Management 2018-01-26 20:14:23 UTC
SUSE-SU-2018:0246-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285,1065386
CVE References: CVE-2017-13720,CVE-2017-13722,CVE-2017-16612
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
Comment 23 Swamp Workflow Management 2018-02-01 14:10:27 UTC
SUSE-SU-2018:0334-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Desktop 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Desktop 12-SP2 (src):    libXfont-1.5.1-11.3.12
Comment 24 Marcus Meissner 2018-02-01 14:16:01 UTC
released
Comment 25 Swamp Workflow Management 2018-02-01 23:10:52 UTC
openSUSE-SU-2018:0343-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
openSUSE Leap 42.3 (src):    libXfont-1.5.1-13.1