Security update for libXfont
This update for libXfont fixes several issues.
These security issues were fixed:
- CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285)
- CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692)
- Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459)
-
Submitted by
Michal Srb (michalsrb)
Fixed bugs
bnc#1054285
VUL-1: CVE-2017-13720: libXfont: string overread / Check for end of string in PatterMatch.
bnc#1050459
VUL-1: CVE-2017-16611: libXfont,xorg-x11-libs:: User can trigger reads on special files as root allowing for DoS
bnc#1049692
VUL-0: CVE-2017-13722: libXfont: Missing boundary check in pcfGetProperties
