File _patchinfo of Package patchinfo.5549

<patchinfo incident="5549">
  <issue id="1054285" tracker="bnc">VUL-1: CVE-2017-13720: libXfont: string overread / Check for end of string in PatternMatch.</issue>
  <issue id="1050459" tracker="bnc">VUL-1: EMBARGOED: xorg-x11-server: User can trigger reads on special files as root allowing for DoS</issue>
  <issue id="1049692" tracker="bnc">VUL-0: CVE-2017-13722: libXfont: Missing boundary check in pcfGetProperties</issue>
  <issue id="2017-13722" tracker="cve" />
  <issue id="2017-13720" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>michalsrb</packager>
  <description>This update for libXfont fixes several issues.

These security issues were fixed:

- CVE-2017-13720: An improper check for the end of the string in PatternMatch caused invalid reads (bsc#1054285)
- CVE-2017-13722: A malformed PCF file could have caused a DoS or leaked information (bsc#1049692)
- Prevent the X server from accessing arbitrary files as root. It was not possible to leak information this way, but special files could be touched, which could cause side effects (bsc#1050459)
</description>
  <summary>Security update for libXfont</summary>
</patchinfo>