Bug 1050459 - (CVE-2017-16611) VUL-1: CVE-2017-16611: libXfont,xorg-x11-libs:: User can trigger reads on special files as root allowing for DoS
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2017-16611:2.1:(AV:L/...
Reported: 2017-07-25 15:30 UTC by Johannes Segitz
Modified: 2020-07-27 10:13 UTC (History)
Attachments
Proposed patches (3.16 KB, patch)
2017-10-27 06:17 UTC, Johannes Segitz

Comment 6 Michal Srb 2017-09-04 15:11:13 UTC
Submitted, reassigning to security team.
Comment 10 Johannes Segitz 2017-10-27 06:17:03 UTC
Created attachment 746103: Proposed patches
Comment 12 Marcus Meissner 2017-11-06 18:58:16 UTC
CVE-2017-16611
Comment 13 Tony Yuan 2017-11-14 07:07:26 UTC
I am testing the update for sle12sp2 and sle12sp3:
	xorg-x11-server-7.6_1.18.3-76.6.1
	xorg-x11-server-sdk-7.6_1.18.3-76.6.1
	xorg-x11-server-extra-7.6_1.18.3-76.6.1 


The following steps are still triggering a reboot on all vm hosts after installing the new packages above.

mkdir /tmp/fakefonts
ln -s /dev/watchdog /tmp/fakefonts/fonts.dir
xset +fp /tmp/fakefonts


Does the patch fix the bug?
Comment 14 Michal Srb 2017-11-20 09:55:33 UTC
(In reply to Tony Yuan from comment #13)
> I am testing the update for sle12sp2 and sle12sp3:
> 	xorg-x11-server-7.6_1.18.3-76.6.1
> 	xorg-x11-server-sdk-7.6_1.18.3-76.6.1
> 	xorg-x11-server-extra-7.6_1.18.3-76.6.1 

But the fix is in libXfont package on SLE12 and xorg-x11-libs package on SLE11...
Comment 15 Marcus Meissner 2017-11-20 10:08:40 UTC
I clarified this and adjusted the patchinfo to avoid this confusion.
Comment 17 Marcus Meissner 2017-11-25 11:47:03 UTC
CRD: 2017-11-28
Comment 18 Marcus Meissner 2017-11-28 15:05:44 UTC
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8


Open files with O_NOFOLLOW. (CVE-2017-16611)
A non-privileged X client can instruct an X server running under root to open any
file by creating its own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. The X server will then open
it. This can be an issue with special files such as /dev/watchdog.

Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
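
The O_NOFOLLOW behaviour described in the commit message above, as an added example (not code from libXfont or from this bug report). `open_catalogue`, `make_sample_dir` and `is_chardev` are hypothetical helpers, the sample directory with a `fonts.alias` symlink to `/dev/null` is constructed, and `ELOOP` is the error Linux returns for this case.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not libXfont's API: open dir/name read-only.
 * With nofollow set, a symlink as the final path component is refused. */
static int open_catalogue(const char *dir, const char *name, int nofollow)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    int fd = open(path, O_RDONLY | O_CLOEXEC | (nofollow ? O_NOFOLLOW : 0));
    return fd < 0 ? -errno : fd;
}

/* Build a constructed font directory: fonts.dir is a regular file,
 * fonts.alias is a symlink to /dev/null (a harmless special file). */
static int make_sample_dir(char *tmpl)
{
    char path[4096];
    if (!mkdtemp(tmpl)) return -errno;
    snprintf(path, sizeof path, "%s/fonts.dir", tmpl);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -errno;
    if (write(fd, "0\n", 2) != 2) { close(fd); return -EIO; }
    close(fd);
    snprintf(path, sizeof path, "%s/fonts.alias", tmpl);
    return symlink("/dev/null", path) ? -errno : 0;
}

/* Returns 1 when fd is open on a character device, else 0; closes fd. */
static int is_chardev(int fd)
{
    struct stat st;
    int r = fd >= 0 && fstat(fd, &st) == 0 && S_ISCHR(st.st_mode);
    if (fd >= 0) close(fd);
    return r;
}
int main(void)
{
    char dir[] = "/tmp/fontdemo-XXXXXX";
    if (make_sample_dir(dir)) return 1;
    printf("plain open reaches device: %d\n", is_chardev(open_catalogue(dir, "fonts.alias", 0)));
    printf("O_NOFOLLOW result: %d\n", open_catalogue(dir, "fonts.alias", 1));
    return 0;
}
```

O_NOFOLLOW only checks the final path component; symbolic links in earlier components of the path are still followed.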
Comment 19 Michal Srb 2017-11-28 15:08:34 UTC
Submitted to OBS: https://build.opensuse.org/request/show/546248
Comment 20 Bernhard Wiedemann 2017-12-04 19:40:05 UTC
This is an autogenerated message for OBS integration:
This bug (1050459) was mentioned in
https://build.opensuse.org/request/show/548189 Factory / libXfont
https://build.opensuse.org/request/show/548190 Factory / libXfont2
Comment 21 Swamp Workflow Management 2017-12-08 23:10:37 UTC
openSUSE-SU-2017:3256-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
openSUSE Leap 42.2 (src):    libXfont-1.5.1-9.3.1
Comment 22 Swamp Workflow Management 2018-01-26 20:14:23 UTC
SUSE-SU-2018:0246-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285,1065386
CVE References: CVE-2017-13720,CVE-2017-13722,CVE-2017-16612
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-libs-7.4-8.26.50.5.3
Comment 23 Swamp Workflow Management 2018-02-01 14:10:27 UTC
SUSE-SU-2018:0334-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Server 12-SP2 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Desktop 12-SP3 (src):    libXfont-1.5.1-11.3.12
SUSE Linux Enterprise Desktop 12-SP2 (src):    libXfont-1.5.1-11.3.12
Comment 24 Marcus Meissner 2018-02-01 14:16:01 UTC
released
Comment 25 Swamp Workflow Management 2018-02-01 23:10:52 UTC
openSUSE-SU-2018:0343-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1049692,1050459,1054285
CVE References: CVE-2017-13720,CVE-2017-13722
Sources used:
openSUSE Leap 42.3 (src):    libXfont-1.5.1-13.1