Bugzilla – Bug 1050459
VUL-1: CVE-2017-16611: libXfont,xorg-x11-libs:: User can trigger reads on special files as root allowing for DoS
Last modified: 2020-07-27 10:13:12 UTC
Submitted, reassigning to security team.
Created attachment 746103 [details] Proposed patches
CVE-2017-16611
I am testing the update for sle12sp2 ans sle12sp3: xorg-x11-server-7.6_1.18.3-76.6.1 xorg-x11-server-sdk-7.6_1.18.3-76.6.1 xorg-x11-server-extra-7.6_1.18.3-76.6.1 The following steps is still triggering a reboot on all vm hosts after installing the news packages above. mkdir /tmp/fakefonts ln -s /dev/watchdog /tmp/fakefonts/fonts.dir xset +fp /tmp/fakefonts Does the patch fix the bug?
(In reply to Tony Yuan from comment #13) > I am testing the update for sle12sp2 ans sle12sp3: > xorg-x11-server-7.6_1.18.3-76.6.1 > xorg-x11-server-sdk-7.6_1.18.3-76.6.1 > xorg-x11-server-extra-7.6_1.18.3-76.6.1 But the fix is in libXfont package on SLE12 and xorg-x11-libs package on SLE11...
I clarified this and adjusted the patchinfo to avoid this confusion.
CRD: 2017-11-28
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8 Open files with O_NOFOLLOW. (CVE-2017-16611) A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Submitted to OBS: https://build.opensuse.org/request/show/546248
This is an autogenerated message for OBS integration: This bug (1050459) was mentioned in https://build.opensuse.org/request/show/548189 Factory / libXfont https://build.opensuse.org/request/show/548190 Factory / libXfont2
openSUSE-SU-2017:3256-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1049692,1050459,1054285 CVE References: CVE-2017-13720,CVE-2017-13722 Sources used: openSUSE Leap 42.2 (src): libXfont-1.5.1-9.3.1
SUSE-SU-2018:0246-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1049692,1050459,1054285,1065386 CVE References: CVE-2017-13720,CVE-2017-13722,CVE-2017-16612 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xorg-x11-libs-7.4-8.26.50.5.3 SUSE Linux Enterprise Server 11-SP4 (src): xorg-x11-libs-7.4-8.26.50.5.3 SUSE Linux Enterprise Debuginfo 11-SP4 (src): xorg-x11-libs-7.4-8.26.50.5.3
SUSE-SU-2018:0334-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1049692,1050459,1054285 CVE References: CVE-2017-13720,CVE-2017-13722 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libXfont-1.5.1-11.3.12 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): libXfont-1.5.1-11.3.12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): libXfont-1.5.1-11.3.12 SUSE Linux Enterprise Server 12-SP3 (src): libXfont-1.5.1-11.3.12 SUSE Linux Enterprise Server 12-SP2 (src): libXfont-1.5.1-11.3.12 SUSE Linux Enterprise Desktop 12-SP3 (src): libXfont-1.5.1-11.3.12 SUSE Linux Enterprise Desktop 12-SP2 (src): libXfont-1.5.1-11.3.12
released
openSUSE-SU-2018:0343-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1049692,1050459,1054285 CVE References: CVE-2017-13720,CVE-2017-13722 Sources used: openSUSE Leap 42.3 (src): libXfont-1.5.1-13.1