Bug 1049692 (CVE-2017-13722) - VUL-0: CVE-2017-13722: libXfont: Missing boundary check in pcfGetProperties
Summary: VUL-0: CVE-2017-13722: libXfont: Missing boundary check in pcfGetProperties
Status: RESOLVED FIXED
Alias: CVE-2017-13722
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3:RedHat:CVE-2017-13722:4.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-20 15:28 UTC by Johannes Segitz
Modified: 2018-03-23 15:42 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 3 Marcus Meissner 2017-08-29 09:20:27 UTC
Mitre assigned CVE-2017-13722.
Comment 5 Michal Srb 2017-09-04 15:11:04 UTC
Submitted, reassigning to security team.
Comment 8 Bernhard Wiedemann 2017-11-28 15:30:05 UTC
This is an autogenerated message for OBS integration:
This bug (1049692) was mentioned in
https://build.opensuse.org/request/show/546248 42.2+42.3 / libXfont
Comment 9 Swamp Workflow Management 2017-12-08 23:10:25 UTC
openSUSE-SU-2017:3256-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
openSUSE Leap 42.2 (src):    libXfont-1.5.1-9.3.1
Comment 10 Swamp Workflow Management 2018-01-26 20:14:13 UTC
SUSE-SU-2018:0246-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285,1065386
CVE References: CVE-2017-13720,CVE-2017-13722,CVE-2017-16612
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
Comment 11 Swamp Workflow Management 2018-02-01 14:10:14 UTC
SUSE-SU-2018:0334-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Desktop 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Desktop 12-SP2 (src):    libXfont-1.5.1-11.3.12
Comment 12 Marcus Meissner 2018-02-01 14:15:42 UTC
released
Comment 13 Swamp Workflow Management 2018-02-01 23:10:41 UTC
openSUSE-SU-2018:0343-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
openSUSE Leap 42.3 (src):    libXfont-1.5.1-13.1